Action not permitted
Modal body text goes here.
cve-2021-33193
Vulnerability from cvelistv5
Published
2021-08-16 00:00
Modified
2024-08-03 23:42
Severity ?
EPSS score ?
Summary
Request splitting via HTTP/2 method injection and mod_proxy
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Apache Software Foundation | Apache HTTP Server |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:42:20.253Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://portswigger.net/research/http2" }, { "tags": [ "x_transferred" ], "url": "https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c.patch" }, { "name": "[httpd-cvs] 20210916 [httpd-site] branch main updated: Revert \"Add descriptions for CVE-2021-33193 CVE-2021-36160\"", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210916 [httpd-site] branch main updated: Add descriptions for CVE-2021-33193 CVE-2021-36160", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70%40%3Ccvs.httpd.apache.org%3E" }, { "name": "FEDORA-2021-5d2d4b6ac5", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T/" }, { "name": "FEDORA-2021-f94985afca", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG/" }, { "name": "20211124 Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210917-0004/" }, { "tags": [ "x_transferred" ], "url": "https://www.tenable.com/security/tns-2021-17" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "GLSA-202208-20", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "name": "[debian-lts-announce] 20230303 [SECURITY] [DLA 3351-1] apache2 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00002.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "Apache HTTP Server 2.4 2.4.17 to 2.4.48" } ] } ], "credits": [ { "lang": "en", "value": "Reported by James Kettle of PortSwigger" } ], "descriptions": [ { "lang": "en", "value": "A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48." } ], "metrics": [ { "other": { "content": { "other": "moderate" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "description": "Request Splitting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-03T00:00:00", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "url": "https://portswigger.net/research/http2" }, { "url": "https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c.patch" }, { "name": "[httpd-cvs] 20210916 [httpd-site] branch main updated: Revert \"Add descriptions for CVE-2021-33193 CVE-2021-36160\"", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210916 [httpd-site] branch main updated: Add descriptions for CVE-2021-33193 CVE-2021-36160", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70%40%3Ccvs.httpd.apache.org%3E" }, { "name": "FEDORA-2021-5d2d4b6ac5", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T/" }, { "name": "FEDORA-2021-f94985afca", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG/" }, { "name": "20211124 Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021", "tags": [ "vendor-advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ" }, { "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "url": "https://security.netapp.com/advisory/ntap-20210917-0004/" }, { "url": "https://www.tenable.com/security/tns-2021-17" }, { "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "GLSA-202208-20", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "name": "[debian-lts-announce] 20230303 [SECURITY] [DLA 3351-1] apache2 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00002.html" } ], "source": { "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2021-05-11T00:00:00", "value": "reported" }, { "lang": "en", "time": "2021-08-06T00:00:00", "value": "public" } ], "title": "Request splitting via HTTP/2 method injection and mod_proxy", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-33193", "datePublished": "2021-08-16T00:00:00", "dateReserved": "2021-05-19T00:00:00", "dateUpdated": "2024-08-03T23:42:20.253Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-33193\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2021-08-16T08:15:11.480\",\"lastModified\":\"2023-11-07T03:35:49.050\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.\"},{\"lang\":\"es\",\"value\":\"Un m\u00e9todo dise\u00f1ado enviado mediante HTTP/2 omitir\u00e1 la comprobaci\u00f3n y ser\u00e1 reenviado por mod_proxy, lo que puede conllevar a la divisi\u00f3n de peticiones o el envenenamiento de la cach\u00e9. Este problema afecta a Apache HTTP Server versiones 2.4.17 a 2.4.48.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.17\",\"versionEndIncluding\":\"2.4.48\",\"matchCriteriaId\":\"C700D9C3-7023-48A7-8A76-70597D99829E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.19.1\",\"matchCriteriaId\":\"A686FAF0-1383-4BBB-B7F5-CBCCAB55B356\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.1.0.1.0\",\"matchCriteriaId\":\"C01E8B82-71C7-4A4A-A70A-7B147524AB4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3E503FB-6279-4D4A-91D8-E237ECF9D2B0\"}]}]}],\"references\":[{\"url\":\"https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c.patch\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/03/msg00002.html\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T/\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG/\",\"source\":\"security@apache.org\"},{\"url\":\"https://portswigger.net/research/http2\",\"source\":\"security@apache.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202208-20\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210917-0004/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-17\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
gsd-2021-33193
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2021-33193", "description": "A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.", "id": "GSD-2021-33193", "references": [ "https://www.suse.com/security/cve/CVE-2021-33193.html", "https://ubuntu.com/security/CVE-2021-33193", "https://advisories.mageia.org/CVE-2021-33193.html", "https://security.archlinux.org/CVE-2021-33193", "https://alas.aws.amazon.com/cve/html/CVE-2021-33193.html", "https://linux.oracle.com/cve/CVE-2021-33193.html", "https://access.redhat.com/errata/RHSA-2022:1915", "https://access.redhat.com/errata/RHSA-2022:6753", "https://access.redhat.com/errata/RHSA-2022:7143", "https://access.redhat.com/errata/RHSA-2022:7144" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2021-33193" ], "details": "A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.", "id": "GSD-2021-33193", "modified": "2023-12-13T01:23:18.945226Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2021-33193", "STATE": "PUBLIC", "TITLE": "Request splitting via HTTP/2 method injection and mod_proxy" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache HTTP Server", "version": { "version_data": [ { "version_name": "Apache HTTP Server 2.4", "version_value": "2.4.17 to 2.4.48" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "credit": [ { "lang": "eng", "value": "Reported by James Kettle of PortSwigger" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": [ { "other": "moderate" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Request Splitting" } ] } ] }, "references": { "reference_data": [ { "name": "https://portswigger.net/research/http2", "refsource": "MISC", "url": "https://portswigger.net/research/http2" }, { "name": "https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c.patch", "refsource": "MISC", "url": "https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c.patch" }, { "name": "[httpd-cvs] 20210916 [httpd-site] branch main updated: Revert \"Add descriptions for CVE-2021-33193 CVE-2021-36160\"", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210916 [httpd-site] branch main updated: Add descriptions for CVE-2021-33193 CVE-2021-36160", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70@%3Ccvs.httpd.apache.org%3E" }, { "name": "FEDORA-2021-5d2d4b6ac5", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T/" }, { "name": "FEDORA-2021-f94985afca", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG/" }, { "name": "20211124 Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20210917-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210917-0004/" }, { "name": "https://www.tenable.com/security/tns-2021-17", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2021-17" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "GLSA-202208-20", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-20" }, { "name": "[debian-lts-announce] 20230303 [SECURITY] [DLA 3351-1] apache2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00002.html" } ] }, "source": { "discovery": "UNKNOWN" }, "timeline": [ { "lang": "eng", "time": "2021-05-11", "value": "reported" }, { "lang": "eng", "time": "2021-08-06", "value": "public" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.4.48", "versionStartIncluding": "2.4.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.19.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "18.1.0.1.0", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2021-33193" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://portswigger.net/research/http2", "refsource": "MISC", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://portswigger.net/research/http2" }, { "name": "https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c.patch", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c.patch" }, { "name": "[httpd-cvs] 20210916 [httpd-site] branch main updated: Add descriptions for CVE-2021-33193 CVE-2021-36160", "refsource": "MLIST", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210916 [httpd-site] branch main updated: Revert \"Add descriptions for CVE-2021-33193 CVE-2021-36160\"", "refsource": "MLIST", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d@%3Ccvs.httpd.apache.org%3E" }, { "name": "https://security.netapp.com/advisory/ntap-20210917-0004/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210917-0004/" }, { "name": "FEDORA-2021-5d2d4b6ac5", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T/" }, { "name": "https://www.tenable.com/security/tns-2021-17", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2021-17" }, { "name": "FEDORA-2021-f94985afca", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG/" }, { "name": "20211124 Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021", "refsource": "CISCO", "tags": [ "Third Party Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "GLSA-202208-20", "refsource": "GENTOO", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "name": "[debian-lts-announce] 20230303 [SECURITY] [DLA 3351-1] apache2 security update", "refsource": "MLIST", "tags": [], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00002.html" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } }, "lastModifiedDate": "2023-03-03T19:15Z", "publishedDate": "2021-08-16T08:15Z" } } }
rhsa-2022_7144
Vulnerability from csaf_redhat
Published
2022-10-26 20:05
Modified
2024-11-06 01:51
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update
Notes
Topic
An update is now available for Red Hat JBoss Core Services.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032)
* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)
* expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)
* expat: Integer overflow in storeRawNames() (CVE-2022-25315)
* httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)
* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)
* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)
* httpd: NULL pointer dereference via crafted request during HTTP/2 request processing (CVE-2021-41524)
* httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)
* expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960)
* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)
* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)
* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)
* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)
* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)
* expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)
* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)
* expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852)
* expat: stack exhaustion in doctype parsing (CVE-2022-25313)
* expat: integer overflow in copyString() (CVE-2022-25314)
* expat: integer overflow in the doProlog function (CVE-2022-23990)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Core Services.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032)\n\n* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)\n\n* expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution (CVE-2022-25236)\n\n* expat: Integer overflow in storeRawNames() (CVE-2022-25315)\n\n* httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)\n\n* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)\n\n* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)\n\n* httpd: NULL pointer dereference via crafted request during HTTP/2 request processing (CVE-2021-41524)\n\n* httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)\n\n* expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960)\n\n* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)\n\n* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)\n\n* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)\n\n* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)\n\n* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)\n\n* expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)\n\n* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)\n\n* expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852)\n\n* expat: stack exhaustion in doctype parsing (CVE-2022-25313)\n\n* expat: integer overflow in copyString() (CVE-2022-25314)\n\n* expat: integer overflow in the doProlog function (CVE-2022-23990)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:7144", "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1966728", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966728" }, { "category": "external", "summary": "2005119", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005119" }, { "category": "external", "summary": "2005124", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005124" }, { "category": "external", "summary": "2010934", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010934" }, { "category": "external", "summary": "2034672", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034672" }, { "category": "external", "summary": "2044451", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044451" }, { "category": "external", "summary": "2044455", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455" }, { "category": "external", "summary": "2044457", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457" }, { "category": "external", "summary": "2044464", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464" }, { "category": "external", "summary": "2044467", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467" }, { "category": "external", "summary": "2044479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479" }, { "category": "external", "summary": "2044484", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484" }, { "category": "external", "summary": "2044488", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488" }, { "category": "external", "summary": "2044613", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044613" }, { "category": "external", "summary": "2048356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048356" }, { "category": "external", "summary": "2056350", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056350" }, { "category": "external", "summary": "2056354", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056354" }, { "category": "external", "summary": "2056363", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056363" }, { "category": "external", "summary": "2056366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056366" }, { "category": "external", "summary": "2056370", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056370" }, { "category": "external", "summary": "2067945", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067945" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7144.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update", "tracking": { "current_release_date": "2024-11-06T01:51:23+00:00", "generator": { "date": "2024-11-06T01:51:23+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2022:7144", "initial_release_date": "2022-10-26T20:05:57+00:00", "revision_history": [ { "date": "2022-10-26T20:05:57+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-11-07T10:20:59+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T01:51:23+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Core Services 1", "product": { "name": "Red Hat JBoss Core Services 1", "product_id": "Red Hat JBoss Core Services 1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_core_services:1" } } } ], "category": "product_family", "name": "Red Hat JBoss Core Services" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-25032", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2022-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2067945" } ], "notes": [ { "category": "description", "text": "An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating (ex: when compressing) if the input has many distant matches. For some rare inputs with a large number of distant matches (crafted payloads), the buffer into which the compressed or deflated data is written can overwrite the distance symbol table which it overlays. This issue results in corrupted output due to invalid distances, which leads to out-of-bound access, corrupting the memory and potentially crashing the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "zlib: A flaw found in zlib when compressing (not decompressing) certain inputs", "title": "Vulnerability summary" }, { "category": "other", "text": "This bug was introduced in zlib v1.2.2.2 through zlib v1.2.11, with the addition of the Z_FIXED option, which forces the use of fixed Huffman codes, rather than dynamic Huffman codes, allowing for a simpler decoder for special applications.\n\nThis bug is difficult to trigger, as Z_FIXED is usually only used in special circumstances.\n\nRsync does the compression in-transit using zlib. As rsync uses vulnerable zlib v1.2.8 package, which incorrectly handles memory when performing certain zlib compressing or deflating operations. This results in rsync to crash.\n\nNote - The issue wasn\u0027t publicly labelled as security vulnerability until 2022, but the fix was public since 2018.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-25032" }, { "category": "external", "summary": "RHBZ#2067945", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067945" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-25032", "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-25032", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25032" } ], "release_date": "2018-04-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-26T20:05:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7144" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "zlib: A flaw found in zlib when compressing (not decompressing) certain inputs" }, { "cve": "CVE-2021-33193", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2021-05-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1966728" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference was found in Apache httpd mod_h2. The highest threat from this flaw is to system integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Request splitting via HTTP/2 method injection and mod_proxy", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33193" }, { "category": "external", "summary": "RHBZ#1966728", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966728" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33193", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33193" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33193", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33193" }, { "category": "external", "summary": "https://portswigger.net/research/http2", "url": "https://portswigger.net/research/http2" } ], "release_date": "2021-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-26T20:05:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "category": "workaround", "details": "This flaw can be mitigated by disabling HTTP/2. More information available at: https://httpd.apache.org/docs/2.4/mod/mod_http2.html", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: Request splitting via HTTP/2 method injection and mod_proxy" }, { "cve": "CVE-2021-36160", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2021-09-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2005124" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read in mod_proxy_uwsgi of httpd allows a remote unauthenticated attacker to crash the service through a crafted request. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-36160" }, { "category": "external", "summary": "RHBZ#2005124", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005124" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-36160", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36160" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-36160", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36160" } ], "release_date": "2021-09-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-26T20:05:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path" }, { "cve": "CVE-2021-39275", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-09-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2005119" } ], "notes": [ { "category": "description", "text": "An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Out-of-bounds write in ap_escape_quotes() via malicious input", "title": "Vulnerability summary" }, { "category": "other", "text": "No httpd module in Red Hat Enterprise Linux and Red Hat Software Collections pass untrusted data to ap_escape_quotes function, thus the Impact of the flaw has been set to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-39275" }, { "category": "external", "summary": "RHBZ#2005119", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005119" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-39275", "url": "https://www.cve.org/CVERecord?id=CVE-2021-39275" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-39275", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39275" } ], "release_date": "2021-09-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-26T20:05:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: Out-of-bounds write in ap_escape_quotes() via malicious input" }, { "cve": "CVE-2021-41524", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2021-10-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2010934" } ], "notes": [ { "category": "description", "text": "While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: NULL pointer dereference via crafted request during HTTP/2 request processing", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue only affects Apache HTTP Server 2.4.49 and Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP9, earlier versions are not affected. Therefore this issue does not affect the other versions of Apache HTTP Server shipped with Red Hat products.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-41524" }, { "category": "external", "summary": "RHBZ#2010934", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010934" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-41524", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41524" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41524", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41524" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2021-10-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-26T20:05:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7144" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: NULL pointer dereference via crafted request during HTTP/2 request processing" }, { "cve": "CVE-2021-44224", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2021-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2034672" } ], "notes": [ { "category": "description", "text": "There\u0027s a null pointer dereference and server-side request forgery flaw in httpd\u0027s mod_proxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix Domain Socket requests. In the worst case, this could cause a denial of service or compromise to confidentiality of data.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: possible NULL dereference or SSRF in forward proxy configurations", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw does not affect httpd configurations that do not use forward proxy functionality (configurations where ProxyRequests is turned off).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44224" }, { "category": "external", "summary": "RHBZ#2034672", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034672" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44224", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44224" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44224", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44224" }, { "category": "external", "summary": "http://httpd.apache.org/security/vulnerabilities_24.html", "url": "http://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2021-12-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-26T20:05:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: possible NULL dereference or SSRF in forward proxy configurations" }, { "cve": "CVE-2021-45960", "cwe": { "id": "CWE-130", "name": "Improper Handling of Length Parameter Inconsistency" }, "discovery_date": "2022-01-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044451" } ], "notes": [ { "category": "description", "text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to buffer overrun. The highest threat from this vulnerability is to availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "expat: Large number of prefixed XML attributes on a single tag can crash libexpat", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-45960" }, { "category": "external", "summary": "RHBZ#2044451", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044451" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45960", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45960" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45960", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45960" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/issues/531", "url": "https://github.com/libexpat/libexpat/issues/531" } ], "release_date": "2022-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-26T20:05:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7144" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "expat: Large number of prefixed XML attributes on a single tag can crash libexpat" }, { "cve": "CVE-2021-46143", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2022-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044455" } ], "notes": [ { "category": "description", "text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "expat: Integer overflow in doProlog in xmlparse.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-46143" }, { "category": "external", "summary": "RHBZ#2044455", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-46143", "url": "https://www.cve.org/CVERecord?id=CVE-2021-46143" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/issues/532", "url": "https://github.com/libexpat/libexpat/issues/532" } ], "release_date": "2022-01-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-26T20:05:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7144" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "expat: Integer overflow in doProlog in xmlparse.c" }, { "cve": "CVE-2022-22822", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2022-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044457" } ], "notes": [ { "category": "description", "text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "expat: Integer overflow in addBinding in xmlparse.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22822" }, { "category": "external", "summary": "RHBZ#2044457", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22822", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22822" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/pull/539", "url": "https://github.com/libexpat/libexpat/pull/539" } ], "release_date": "2022-01-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-26T20:05:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7144" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "expat: Integer overflow in addBinding in xmlparse.c" }, { "cve": "CVE-2022-22823", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2022-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044464" } ], "notes": [ { "category": "description", "text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "expat: Integer overflow in build_model in xmlparse.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22823" }, { "category": "external", "summary": "RHBZ#2044464", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22823", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22823" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/pull/539", "url": "https://github.com/libexpat/libexpat/pull/539" } ], "release_date": "2022-01-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-26T20:05:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7144" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "expat: Integer overflow in build_model in xmlparse.c" }, { "cve": "CVE-2022-22824", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2022-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044467" } ], "notes": [ { "category": "description", "text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "expat: Integer overflow in defineAttribute in xmlparse.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22824" }, { "category": "external", "summary": "RHBZ#2044467", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22824", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22824" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/pull/539", "url": "https://github.com/libexpat/libexpat/pull/539" } ], "release_date": "2022-01-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-26T20:05:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7144" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "expat: Integer overflow in defineAttribute in xmlparse.c" }, { "cve": "CVE-2022-22825", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2022-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044479" } ], "notes": [ { "category": "description", "text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "expat: Integer overflow in lookup in xmlparse.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22825" }, { "category": "external", "summary": "RHBZ#2044479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22825", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22825" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/pull/539", "url": "https://github.com/libexpat/libexpat/pull/539" } ], "release_date": "2022-01-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-26T20:05:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7144" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "expat: Integer overflow in lookup in xmlparse.c" }, { "cve": "CVE-2022-22826", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2022-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044484" } ], "notes": [ { "category": "description", "text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "expat: Integer overflow in nextScaffoldPart in xmlparse.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22826" }, { "category": "external", "summary": "RHBZ#2044484", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22826", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22826" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/pull/539", "url": "https://github.com/libexpat/libexpat/pull/539" } ], "release_date": "2022-01-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-26T20:05:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7144" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "expat: Integer overflow in nextScaffoldPart in xmlparse.c" }, { "cve": "CVE-2022-22827", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2022-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044488" } ], "notes": [ { "category": "description", "text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "expat: Integer overflow in storeAtts in xmlparse.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22827" }, { "category": "external", "summary": "RHBZ#2044488", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22827", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22827" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/pull/539", "url": "https://github.com/libexpat/libexpat/pull/539" } ], "release_date": "2022-01-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-26T20:05:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7144" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "expat: Integer overflow in storeAtts in xmlparse.c" }, { "cve": "CVE-2022-23852", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2022-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044613" } ], "notes": [ { "category": "description", "text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "expat: Integer overflow in function XML_GetBuffer", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23852" }, { "category": "external", "summary": "RHBZ#2044613", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044613" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23852", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23852" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23852", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23852" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/pull/550", "url": "https://github.com/libexpat/libexpat/pull/550" } ], "release_date": "2022-01-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-26T20:05:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7144" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "expat: Integer overflow in function XML_GetBuffer" }, { "cve": "CVE-2022-23990", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2022-01-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2048356" } ], "notes": [ { "category": "description", "text": "A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "expat: integer overflow in the doProlog function", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security marked this flaw as Moderate Impact because the vulnerability includes a flaw that is present in a program\u2019s source code but to which no current or theoretically possible, but unproven, exploitation vectors exist or were found during the technical analysis of the flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23990" }, { "category": "external", "summary": "RHBZ#2048356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048356" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23990", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23990" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23990", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23990" } ], "release_date": "2022-01-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-26T20:05:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7144" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "expat: integer overflow in the doProlog function" }, { "cve": "CVE-2022-25235", "cwe": { "id": "CWE-838", "name": "Inappropriate Encoding for Output Context" }, "discovery_date": "2022-02-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2056366" } ], "notes": [ { "category": "description", "text": "A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor.", "title": "Vulnerability description" }, { "category": "summary", "text": "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25235" }, { "category": "external", "summary": "RHBZ#2056366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056366" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25235", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25235" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235" }, { "category": "external", "summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/", "url": "https://blog.hartwork.org/posts/expat-2-4-5-released/" } ], "release_date": "2022-02-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-26T20:05:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "category": "workaround", "details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution" }, { "cve": "CVE-2022-25236", "cwe": { "id": "CWE-179", "name": "Incorrect Behavior Order: Early Validation" }, "discovery_date": "2022-02-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2056370" } ], "notes": [ { "category": "description", "text": "A flaw was found in expat. Passing one or more namespace separator characters in the \"xmlns[:prefix]\" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML processor.", "title": "Vulnerability description" }, { "category": "summary", "text": "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.\n\nThe xmlrpc-c component as shipped with Red Hat Enterprise Linux 8 is not affected by this issue as the issue could not be reproduced in this version.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25236" }, { "category": "external", "summary": "RHBZ#2056370", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056370" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25236", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25236" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236" }, { "category": "external", "summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/", "url": "https://blog.hartwork.org/posts/expat-2-4-5-released/" } ], "release_date": "2022-02-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-26T20:05:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "category": "workaround", "details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution" }, { "cve": "CVE-2022-25313", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2056350" } ], "notes": [ { "category": "description", "text": "A flaw was found in expat. A stack exhaustion in doctype parsing could be triggered by a file with a large number of opening braces, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "expat: Stack exhaustion in doctype parsing", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications which only parse trusted XML files or do not process XML files at all are not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25313" }, { "category": "external", "summary": "RHBZ#2056350", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056350" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25313", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25313" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25313", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25313" }, { "category": "external", "summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/", "url": "https://blog.hartwork.org/posts/expat-2-4-5-released/" } ], "release_date": "2022-02-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-26T20:05:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "category": "workaround", "details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content.", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "expat: Stack exhaustion in doctype parsing" }, { "cve": "CVE-2022-25314", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2022-02-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2056354" } ], "notes": [ { "category": "description", "text": "An integer overflow flaw was found in expat. This issue affects the encoding name parameter at the parser creation time, which is often hard-coded (rather than user input), takes a value in the gigabytes to trigger, and on a 64-bit machine. This flaw can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "expat: Integer overflow in copyString()", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw has been rated as having a severity of Moderate. The encoding name parameter is often hard-coded (rather than user input) and it would take a value in the gigabytes for the name to trigger this issue. The versions of `expat` as shipped with Red Hat Enterprise Linux 6 and 7 are not affected by this flaw as they did not include the vulnerable copyString() function.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25314" }, { "category": "external", "summary": "RHBZ#2056354", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056354" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25314", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25314" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25314", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25314" }, { "category": "external", "summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/", "url": "https://blog.hartwork.org/posts/expat-2-4-5-released/" } ], "release_date": "2022-02-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-26T20:05:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "category": "workaround", "details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content.", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "expat: Integer overflow in copyString()" }, { "cve": "CVE-2022-25315", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-02-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2056363" } ], "notes": [ { "category": "description", "text": "An integer overflow was found in expat. The issue occurs in storeRawNames() by abusing the m_buffer expansion logic to allow allocations very close to INT_MAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "expat: Integer overflow in storeRawNames()", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25315" }, { "category": "external", "summary": "RHBZ#2056363", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056363" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25315", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25315" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315" }, { "category": "external", "summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/", "url": "https://blog.hartwork.org/posts/expat-2-4-5-released/" } ], "release_date": "2022-02-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-26T20:05:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "category": "workaround", "details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "expat: Integer overflow in storeRawNames()" } ] }
rhsa-2022_1915
Vulnerability from csaf_redhat
Published
2022-05-10 14:18
Modified
2024-11-06 00:47
Summary
Red Hat Security Advisory: httpd:2.4 security and bug fix update
Notes
Topic
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
* httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)
* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)
* httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)
* httpd: Single zero byte stack overflow in mod_auth_digest (CVE-2020-35452)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)\n\n* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)\n\n* httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)\n\n* httpd: Single zero byte stack overflow in mod_auth_digest (CVE-2020-35452)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:1915", "url": "https://access.redhat.com/errata/RHSA-2022:1915" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/" }, { "category": "external", "summary": "1966724", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966724" }, { "category": "external", "summary": "1966728", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966728" }, { "category": "external", "summary": "1984828", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1984828" }, { "category": "external", "summary": "2001046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001046" }, { "category": "external", "summary": "2005124", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005124" }, { "category": "external", "summary": "2034672", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034672" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1915.json" } ], "title": "Red Hat Security Advisory: httpd:2.4 security and bug fix update", "tracking": { "current_release_date": "2024-11-06T00:47:43+00:00", "generator": { "date": "2024-11-06T00:47:43+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2022:1915", "initial_release_date": "2022-05-10T14:18:41+00:00", "revision_history": [ { "date": "2022-05-10T14:18:41+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-05-10T14:18:41+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T00:47:43+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "httpd:2.4:8060020220321163517:d63f516d", "product": { "name": "httpd:2.4:8060020220321163517:d63f516d", "product_id": "httpd:2.4:8060020220321163517:d63f516d", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/httpd@2.4:8060020220321163517:d63f516d" } } }, { "category": "product_version", "name": "httpd-filesystem-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "product": { "name": "httpd-filesystem-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "product_id": "httpd-filesystem-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-filesystem@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=noarch" } } }, { "category": "product_version", "name": "httpd-manual-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "product": { "name": "httpd-manual-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "product_id": "httpd-manual-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product": { "name": "httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_id": "httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=aarch64" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product": { "name": "httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_id": "httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=aarch64" } } }, { "category": "product_version", "name": "httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product": { "name": "httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_id": "httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debugsource@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=aarch64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product": { "name": "httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_id": "httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=aarch64" } } }, { "category": "product_version", "name": "httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product": { "name": "httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_id": "httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=aarch64" } } }, { "category": "product_version", "name": "httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product": { "name": "httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_id": "httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools-debuginfo@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=aarch64" } } }, { "category": "product_version", "name": "mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "product": { "name": "mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "product_id": "mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_http2@1.15.7-5.module%2Bel8.6.0%2B13996%2B01710940?arch=aarch64" } } }, { "category": "product_version", "name": "mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "product": { "name": "mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "product_id": "mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_http2-debuginfo@1.15.7-5.module%2Bel8.6.0%2B13996%2B01710940?arch=aarch64" } } }, { "category": "product_version", "name": "mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "product": { "name": "mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "product_id": "mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_http2-debugsource@1.15.7-5.module%2Bel8.6.0%2B13996%2B01710940?arch=aarch64" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product": { "name": "mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_id": "mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=aarch64" } } }, { "category": "product_version", "name": "mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product": { "name": "mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_id": "mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap-debuginfo@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=aarch64" } } }, { "category": "product_version", "name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "product": { "name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "product_id": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_md@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "product": { "name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "product_id": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_md-debuginfo@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "product": { "name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "product_id": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_md-debugsource@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product": { "name": "mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_id": "mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product": { "name": "mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_id": "mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html-debuginfo@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product": { "name": "mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_id": "mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=aarch64" } } }, { "category": "product_version", "name": "mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product": { "name": "mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_id": "mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session-debuginfo@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=aarch64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product": { "name": "mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_id": "mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product": { "name": "mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_id": "mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl-debuginfo@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=aarch64\u0026epoch=1" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.src", "product": { "name": "httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.src", "product_id": "httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=src" } } }, { "category": "product_version", "name": "mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.src", "product": { "name": "mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.src", "product_id": "mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_http2@1.15.7-5.module%2Bel8.6.0%2B13996%2B01710940?arch=src" } } }, { "category": "product_version", "name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src", "product": { "name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src", "product_id": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_md@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=src\u0026epoch=1" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product": { "name": "httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_id": "httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=ppc64le" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product": { "name": "httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_id": "httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=ppc64le" } } }, { "category": "product_version", "name": "httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product": { "name": "httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_id": "httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debugsource@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=ppc64le" } } }, { "category": "product_version", "name": "httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product": { "name": "httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_id": "httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=ppc64le" } } }, { "category": "product_version", "name": "httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product": { "name": "httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_id": "httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=ppc64le" } } }, { "category": "product_version", "name": "httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product": { "name": "httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_id": "httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools-debuginfo@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=ppc64le" } } }, { "category": "product_version", "name": "mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "product": { "name": "mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "product_id": "mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_http2@1.15.7-5.module%2Bel8.6.0%2B13996%2B01710940?arch=ppc64le" } } }, { "category": "product_version", "name": "mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "product": { "name": "mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "product_id": "mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_http2-debuginfo@1.15.7-5.module%2Bel8.6.0%2B13996%2B01710940?arch=ppc64le" } } }, { "category": "product_version", "name": "mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "product": { "name": "mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "product_id": "mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_http2-debugsource@1.15.7-5.module%2Bel8.6.0%2B13996%2B01710940?arch=ppc64le" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product": { "name": "mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_id": "mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=ppc64le" } } }, { "category": "product_version", "name": "mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product": { "name": "mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_id": "mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap-debuginfo@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=ppc64le" } } }, { "category": "product_version", "name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "product": { "name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "product_id": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_md@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "product": { "name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "product_id": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_md-debuginfo@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "product": { "name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "product_id": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_md-debugsource@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product": { "name": "mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_id": "mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product": { "name": "mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_id": "mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html-debuginfo@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product": { "name": "mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_id": "mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=ppc64le" } } }, { "category": "product_version", "name": "mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product": { "name": "mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_id": "mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session-debuginfo@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=ppc64le" } } }, { "category": "product_version", "name": "mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product": { "name": "mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_id": "mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product": { "name": "mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_id": "mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl-debuginfo@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=ppc64le\u0026epoch=1" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product": { "name": "httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_id": "httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=s390x" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product": { "name": "httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_id": "httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=s390x" } } }, { "category": "product_version", "name": "httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product": { "name": "httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_id": "httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debugsource@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=s390x" } } }, { "category": "product_version", "name": "httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product": { "name": "httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_id": "httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=s390x" } } }, { "category": "product_version", "name": "httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product": { "name": "httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_id": "httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=s390x" } } }, { "category": "product_version", "name": "httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product": { "name": "httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_id": "httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools-debuginfo@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=s390x" } } }, { "category": "product_version", "name": "mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "product": { "name": "mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "product_id": "mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_http2@1.15.7-5.module%2Bel8.6.0%2B13996%2B01710940?arch=s390x" } } }, { "category": "product_version", "name": "mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "product": { "name": "mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "product_id": "mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_http2-debuginfo@1.15.7-5.module%2Bel8.6.0%2B13996%2B01710940?arch=s390x" } } }, { "category": "product_version", "name": "mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "product": { "name": "mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "product_id": "mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_http2-debugsource@1.15.7-5.module%2Bel8.6.0%2B13996%2B01710940?arch=s390x" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product": { "name": "mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_id": "mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=s390x" } } }, { "category": "product_version", "name": "mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product": { "name": "mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_id": "mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap-debuginfo@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=s390x" } } }, { "category": "product_version", "name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "product": { "name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "product_id": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_md@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "product": { "name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "product_id": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_md-debuginfo@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "product": { "name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "product_id": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_md-debugsource@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product": { "name": "mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_id": "mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product": { "name": "mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_id": "mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html-debuginfo@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product": { "name": "mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_id": "mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=s390x" } } }, { "category": "product_version", "name": "mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product": { "name": "mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_id": "mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session-debuginfo@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=s390x" } } }, { "category": "product_version", "name": "mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product": { "name": "mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_id": "mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product": { "name": "mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_id": "mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl-debuginfo@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=s390x\u0026epoch=1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product": { "name": "httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_id": "httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product": { "name": "httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_id": "httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product": { "name": "httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_id": "httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debugsource@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product": { "name": "httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_id": "httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product": { "name": "httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_id": "httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product": { "name": "httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_id": "httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools-debuginfo@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=x86_64" } } }, { "category": "product_version", "name": "mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "product": { "name": "mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "product_id": "mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_http2@1.15.7-5.module%2Bel8.6.0%2B13996%2B01710940?arch=x86_64" } } }, { "category": "product_version", "name": "mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "product": { "name": "mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "product_id": "mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_http2-debuginfo@1.15.7-5.module%2Bel8.6.0%2B13996%2B01710940?arch=x86_64" } } }, { "category": "product_version", "name": "mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "product": { "name": "mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "product_id": "mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_http2-debugsource@1.15.7-5.module%2Bel8.6.0%2B13996%2B01710940?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product": { "name": "mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_id": "mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product": { "name": "mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_id": "mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap-debuginfo@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=x86_64" } } }, { "category": "product_version", "name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "product": { "name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "product_id": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_md@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "product": { "name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "product_id": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_md-debuginfo@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "product": { "name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "product_id": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_md-debugsource@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product": { "name": "mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_id": "mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product": { "name": "mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_id": "mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html-debuginfo@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product": { "name": "mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_id": "mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=x86_64" } } }, { "category": "product_version", "name": "mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product": { "name": "mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_id": "mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session-debuginfo@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product": { "name": "mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_id": "mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product": { "name": "mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_id": "mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl-debuginfo@2.4.37-47.module%2Bel8.6.0%2B14529%2B083145da.1?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, "product_reference": "httpd:2.4:8060020220321163517:d63f516d", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64" }, "product_reference": "httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le" }, "product_reference": "httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x" }, "product_reference": "httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.src as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.src" }, "product_reference": "httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.src", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" }, "product_reference": "httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64" }, "product_reference": "httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le" }, "product_reference": "httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x" }, "product_reference": "httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" }, "product_reference": "httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64" }, "product_reference": "httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le" }, "product_reference": "httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x" }, "product_reference": "httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" }, "product_reference": "httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64" }, "product_reference": "httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le" }, "product_reference": "httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x" }, "product_reference": "httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" }, "product_reference": "httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-filesystem-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-filesystem-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch" }, "product_reference": "httpd-filesystem-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-manual-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch" }, "product_reference": "httpd-manual-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64" }, "product_reference": "httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le" }, "product_reference": "httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x" }, "product_reference": "httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" }, "product_reference": "httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64" }, "product_reference": "httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le" }, "product_reference": "httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x" }, "product_reference": "httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" }, "product_reference": "httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64" }, "product_reference": "mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le" }, "product_reference": "mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x" }, "product_reference": "mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.src as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.src" }, "product_reference": "mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.src", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64" }, "product_reference": "mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64" }, "product_reference": "mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le" }, "product_reference": "mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x" }, "product_reference": "mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64" }, "product_reference": "mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64" }, "product_reference": "mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le" }, "product_reference": "mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x" }, "product_reference": "mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64" }, "product_reference": "mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64" }, "product_reference": "mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le" }, "product_reference": "mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x" }, "product_reference": "mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" }, "product_reference": "mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64" }, "product_reference": "mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le" }, "product_reference": "mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x" }, "product_reference": "mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" }, "product_reference": "mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64" }, "product_reference": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le" }, "product_reference": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x" }, "product_reference": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src" }, "product_reference": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64" }, "product_reference": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64" }, "product_reference": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le" }, "product_reference": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x" }, "product_reference": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64" }, "product_reference": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64" }, "product_reference": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le" }, "product_reference": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x" }, "product_reference": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64" }, "product_reference": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64" }, "product_reference": "mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le" }, "product_reference": "mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x" }, "product_reference": "mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" }, "product_reference": "mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64" }, "product_reference": "mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le" }, "product_reference": "mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x" }, "product_reference": "mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" }, "product_reference": "mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64" }, "product_reference": "mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le" }, "product_reference": "mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x" }, "product_reference": "mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" }, "product_reference": "mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64" }, "product_reference": "mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le" }, "product_reference": "mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x" }, "product_reference": "mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" }, "product_reference": "mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64" }, "product_reference": "mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le" }, "product_reference": "mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x" }, "product_reference": "mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" }, "product_reference": "mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64" }, "product_reference": "mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le" }, "product_reference": "mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x" }, "product_reference": "mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64 as a component of httpd:2.4:8060020220321163517:d63f516d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" }, "product_reference": "mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the Apache project" ] }, { "names": [ "Antonio Morales" ], "organization": "GHSL" } ], "cve": "CVE-2020-35452", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2021-05-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1966724" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache httpd. The mod_auth_digest has a single zero byte stack overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Single zero byte stack overflow in mod_auth_digest", "title": "Vulnerability summary" }, { "category": "other", "text": "This is a one byte overflow and as per upstream it should be non-exploitable in most condtions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-filesystem-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-manual-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-35452" }, { "category": "external", "summary": "RHBZ#1966724", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966724" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-35452", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35452" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35452", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35452" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2021-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-10T14:18:41+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-filesystem-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-manual-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1915" }, { "category": "workaround", "details": "Only configurations which use mod_auth_digest are affected by this flaw. Also as per upstream this flaw is not exploitable in most conditions, so there should really be no impact of this flaw.", "product_ids": [ "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-filesystem-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-manual-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-filesystem-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-manual-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: Single zero byte stack overflow in mod_auth_digest" }, { "cve": "CVE-2021-33193", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2021-05-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1966728" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference was found in Apache httpd mod_h2. The highest threat from this flaw is to system integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Request splitting via HTTP/2 method injection and mod_proxy", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-filesystem-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-manual-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33193" }, { "category": "external", "summary": "RHBZ#1966728", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966728" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33193", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33193" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33193", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33193" }, { "category": "external", "summary": "https://portswigger.net/research/http2", "url": "https://portswigger.net/research/http2" } ], "release_date": "2021-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-10T14:18:41+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-filesystem-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-manual-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1915" }, { "category": "workaround", "details": "This flaw can be mitigated by disabling HTTP/2. More information available at: https://httpd.apache.org/docs/2.4/mod/mod_http2.html", "product_ids": [ "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-filesystem-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-manual-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-filesystem-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-manual-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: Request splitting via HTTP/2 method injection and mod_proxy" }, { "cve": "CVE-2021-36160", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2021-09-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2005124" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read in mod_proxy_uwsgi of httpd allows a remote unauthenticated attacker to crash the service through a crafted request. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-filesystem-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-manual-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-36160" }, { "category": "external", "summary": "RHBZ#2005124", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005124" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-36160", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36160" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-36160", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36160" } ], "release_date": "2021-09-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-10T14:18:41+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-filesystem-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-manual-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1915" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-filesystem-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-manual-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-filesystem-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-manual-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path" }, { "cve": "CVE-2021-44224", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2021-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2034672" } ], "notes": [ { "category": "description", "text": "There\u0027s a null pointer dereference and server-side request forgery flaw in httpd\u0027s mod_proxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix Domain Socket requests. In the worst case, this could cause a denial of service or compromise to confidentiality of data.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: possible NULL dereference or SSRF in forward proxy configurations", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw does not affect httpd configurations that do not use forward proxy functionality (configurations where ProxyRequests is turned off).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-filesystem-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-manual-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44224" }, { "category": "external", "summary": "RHBZ#2034672", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034672" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44224", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44224" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44224", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44224" }, { "category": "external", "summary": "http://httpd.apache.org/security/vulnerabilities_24.html", "url": "http://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2021-12-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-10T14:18:41+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-filesystem-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-manual-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1915" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-filesystem-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-manual-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-debugsource-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-devel-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-filesystem-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-manual-0:2.4.37-47.module+el8.6.0+14529+083145da.1.noarch", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:httpd-tools-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debuginfo-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_http2-debugsource-0:1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ldap-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_proxy_html-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_session-debuginfo-0:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.aarch64", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.ppc64le", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.s390x", "AppStream-8.6.0.GA:httpd:2.4:8060020220321163517:d63f516d:mod_ssl-debuginfo-1:2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: possible NULL dereference or SSRF in forward proxy configurations" } ] }
rhsa-2022_7143
Vulnerability from csaf_redhat
Published
2022-10-26 20:15
Modified
2024-11-06 01:51
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update
Notes
Topic
An update is now available for Red Hat JBoss Core Services.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.
Security Fix(es):
* httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)
* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)
* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)
* httpd: NULL pointer dereference via crafted request during HTTP/2 request processing (CVE-2021-41524)
* httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Core Services.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.\n\nSecurity Fix(es):\n\n* httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)\n\n* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)\n\n* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)\n\n* httpd: NULL pointer dereference via crafted request during HTTP/2 request processing (CVE-2021-41524)\n\n* httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:7143", "url": "https://access.redhat.com/errata/RHSA-2022:7143" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.51/html-single/red_hat_jboss_core_services_apache_http_server_2.4.51_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.51/html-single/red_hat_jboss_core_services_apache_http_server_2.4.51_release_notes/index" }, { "category": "external", "summary": "1966728", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966728" }, { "category": "external", "summary": "2005119", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005119" }, { "category": "external", "summary": "2005124", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005124" }, { "category": "external", "summary": "2010934", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010934" }, { "category": "external", "summary": "2034672", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034672" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7143.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update", "tracking": { "current_release_date": "2024-11-06T01:51:30+00:00", "generator": { "date": "2024-11-06T01:51:30+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2022:7143", "initial_release_date": "2022-10-26T20:15:34+00:00", "revision_history": [ { "date": "2022-10-26T20:15:34+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-05-17T11:42:27+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T01:51:30+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Core Services on RHEL 7 Server", "product": { "name": "Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_core_services:1::el7" } } }, { "category": "product_name", "name": "Red Hat JBoss Core Services on RHEL 8", "product": { "name": "Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_core_services:1::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Core Services" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.src", "product": { "name": "jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.src", "product_id": "jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.9-2.el7jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-jansson-0:2.14-1.el7jbcs.src", "product": { "name": "jbcs-httpd24-jansson-0:2.14-1.el7jbcs.src", "product_id": "jbcs-httpd24-jansson-0:2.14-1.el7jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson@2.14-1.el7jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.src", "product": { "name": "jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.src", "product_id": "jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.7.0-6.el7jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.src", "product": { "name": "jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.src", "product_id": "jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1k-12.el7jbcs?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.src", "product": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.src", "product_id": "jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil@1.0.0-16.el7jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.src", "product": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.src", "product_id": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-31.el7jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.src", "product": { "name": "jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.src", "product_id": "jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.43.0-10.el7jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.src", "product": { "name": "jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.src", "product_id": "jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.51-28.el7jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.src", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.src", "product_id": "jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.3-19.el7jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.src", "product": { "name": "jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.src", "product_id": "jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.0-15.el7jbcs?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.src", "product": { "name": "jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.src", "product_id": "jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-17.el7jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.src", "product": { "name": "jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.src", "product_id": "jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.83.1-6.el7jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.src", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.src", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-98.el7jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.src", "product": { "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.src", "product_id": "jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster@1.3.17-9.el7jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el7jbcs.src", "product": { "name": "jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el7jbcs.src", "product_id": "jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el7jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.48-41.redhat_1.el7jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.src", "product": { "name": "jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.src", "product_id": "jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.9-2.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-jansson-0:2.14-1.el8jbcs.src", "product": { "name": "jbcs-httpd24-jansson-0:2.14-1.el8jbcs.src", "product_id": "jbcs-httpd24-jansson-0:2.14-1.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson@2.14-1.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.src", "product": { "name": "jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.src", "product_id": "jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.7.0-6.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.src", "product": { "name": "jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.src", "product_id": "jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1k-12.el8jbcs?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.src", "product": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.src", "product_id": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-31.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.src", "product": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.src", "product_id": "jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil@1.0.0-16.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.src", "product": { "name": "jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.src", "product_id": "jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.43.0-10.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.src", "product": { "name": "jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.src", "product_id": "jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.51-28.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.src", "product": { "name": "jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.src", "product_id": "jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-17.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.src", "product": { "name": "jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.src", "product_id": "jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.0-15.el8jbcs?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.src", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.src", "product_id": "jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.3-19.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.src", "product": { "name": "jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.src", "product_id": "jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.83.1-6.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.src", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.src", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-98.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.src", "product": { "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.src", "product_id": "jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster@1.3.17-9.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el8jbcs.src", "product": { "name": "jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el8jbcs.src", "product_id": "jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.48-41.redhat_1.el8jbcs?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.x86_64", "product_id": "jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.9-2.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-brotli-devel-0:1.0.9-2.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-brotli-devel-0:1.0.9-2.el7jbcs.x86_64", "product_id": "jbcs-httpd24-brotli-devel-0:1.0.9-2.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-devel@1.0.9-2.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el7jbcs.x86_64", "product_id": "jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-debuginfo@1.0.9-2.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-jansson-0:2.14-1.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-jansson-0:2.14-1.el7jbcs.x86_64", "product_id": "jbcs-httpd24-jansson-0:2.14-1.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson@2.14-1.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-jansson-devel-0:2.14-1.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-jansson-devel-0:2.14-1.el7jbcs.x86_64", "product_id": "jbcs-httpd24-jansson-devel-0:2.14-1.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-devel@2.14-1.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-jansson-debuginfo-0:2.14-1.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-jansson-debuginfo-0:2.14-1.el7jbcs.x86_64", "product_id": "jbcs-httpd24-jansson-debuginfo-0:2.14-1.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-debuginfo@2.14-1.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.x86_64", "product_id": "jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.7.0-6.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-devel-0:1.7.0-6.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-devel-0:1.7.0-6.el7jbcs.x86_64", "product_id": "jbcs-httpd24-apr-devel-0:1.7.0-6.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.7.0-6.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el7jbcs.x86_64", "product_id": "jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.7.0-6.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1k-12.el7jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-devel-1:1.1.1k-12.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-devel-1:1.1.1k-12.el7jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-devel-1:1.1.1k-12.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1k-12.el7jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-1:1.1.1k-12.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-libs-1:1.1.1k-12.el7jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-libs-1:1.1.1k-12.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1k-12.el7jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-perl-1:1.1.1k-12.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-perl-1:1.1.1k-12.el7jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-perl-1:1.1.1k-12.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1k-12.el7jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-static-1:1.1.1k-12.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-static-1:1.1.1k-12.el7jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-static-1:1.1.1k-12.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1k-12.el7jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el7jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1k-12.el7jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil@1.0.0-16.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el7jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil-debuginfo@1.0.0-16.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-31.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el7jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11-debuginfo@0.4.10-31.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.x86_64", "product_id": "jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.43.0-10.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el7jbcs.x86_64", "product_id": "jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.43.0-10.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el7jbcs.x86_64", "product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.43.0-10.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.51-28.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-devel-0:2.4.51-28.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-devel-0:2.4.51-28.el7jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-devel-0:2.4.51-28.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.51-28.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-selinux-0:2.4.51-28.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.51-28.el7jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-selinux-0:2.4.51-28.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.51-28.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-tools-0:2.4.51-28.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-tools-0:2.4.51-28.el7jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-tools-0:2.4.51-28.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.51-28.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ldap-0:2.4.51-28.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_ldap-0:2.4.51-28.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_ldap-0:2.4.51-28.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.51-28.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.51-28.el7jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_session-0:2.4.51-28.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_session-0:2.4.51-28.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_session-0:2.4.51-28.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.51-28.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ssl-1:2.4.51-28.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_ssl-1:2.4.51-28.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_ssl-1:2.4.51-28.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.51-28.el7jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el7jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.51-28.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.3-19.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.3-19.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.0-15.el7jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md-debuginfo@2.4.0-15.el7jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-17.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2-debuginfo@1.15.19-17.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.x86_64", "product_id": "jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.83.1-6.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-0:7.83.1-6.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-libcurl-0:7.83.1-6.el7jbcs.x86_64", "product_id": "jbcs-httpd24-libcurl-0:7.83.1-6.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@7.83.1-6.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-devel-0:7.83.1-6.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-libcurl-devel-0:7.83.1-6.el7jbcs.x86_64", "product_id": "jbcs-httpd24-libcurl-devel-0:7.83.1-6.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@7.83.1-6.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el7jbcs.x86_64", "product_id": "jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@7.83.1-6.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-98.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-98.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-98.el7jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-98.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-98.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el7jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-98.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el7jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-98.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-98.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-98.el7jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-98.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-98.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el7jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-98.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el7jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-98.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el7jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-98.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el7jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-98.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el7jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-98.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster@1.3.17-9.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster-debuginfo@1.3.17-9.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.48-41.redhat_1.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.48-41.redhat_1.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.x86_64", "product_id": "jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.9-2.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-brotli-devel-0:1.0.9-2.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-brotli-devel-0:1.0.9-2.el8jbcs.x86_64", "product_id": "jbcs-httpd24-brotli-devel-0:1.0.9-2.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-devel@1.0.9-2.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el8jbcs.x86_64", "product_id": "jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-debuginfo@1.0.9-2.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-jansson-0:2.14-1.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-jansson-0:2.14-1.el8jbcs.x86_64", "product_id": "jbcs-httpd24-jansson-0:2.14-1.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson@2.14-1.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-jansson-devel-0:2.14-1.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-jansson-devel-0:2.14-1.el8jbcs.x86_64", "product_id": "jbcs-httpd24-jansson-devel-0:2.14-1.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-devel@2.14-1.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-jansson-debuginfo-0:2.14-1.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-jansson-debuginfo-0:2.14-1.el8jbcs.x86_64", "product_id": "jbcs-httpd24-jansson-debuginfo-0:2.14-1.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-debuginfo@2.14-1.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.7.0-6.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-devel-0:1.7.0-6.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-devel-0:1.7.0-6.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-devel-0:1.7.0-6.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.7.0-6.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.7.0-6.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1k-12.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-devel-1:1.1.1k-12.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-devel-1:1.1.1k-12.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-devel-1:1.1.1k-12.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1k-12.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-1:1.1.1k-12.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-libs-1:1.1.1k-12.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-libs-1:1.1.1k-12.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1k-12.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-perl-1:1.1.1k-12.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-perl-1:1.1.1k-12.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-perl-1:1.1.1k-12.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1k-12.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-static-1:1.1.1k-12.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-static-1:1.1.1k-12.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-static-1:1.1.1k-12.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1k-12.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1k-12.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs-debuginfo@1.1.1k-12.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-31.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11-debuginfo@0.4.10-31.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil@1.0.0-16.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil-debuginfo@1.0.0-16.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.x86_64", "product_id": "jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.43.0-10.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el8jbcs.x86_64", "product_id": "jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.43.0-10.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el8jbcs.x86_64", "product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.43.0-10.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.51-28.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-devel-0:2.4.51-28.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-devel-0:2.4.51-28.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-devel-0:2.4.51-28.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.51-28.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-selinux-0:2.4.51-28.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.51-28.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-selinux-0:2.4.51-28.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.51-28.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-tools-0:2.4.51-28.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-tools-0:2.4.51-28.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-tools-0:2.4.51-28.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.51-28.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ldap-0:2.4.51-28.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_ldap-0:2.4.51-28.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_ldap-0:2.4.51-28.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.51-28.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.51-28.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_session-0:2.4.51-28.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_session-0:2.4.51-28.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_session-0:2.4.51-28.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.51-28.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ssl-1:2.4.51-28.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_ssl-1:2.4.51-28.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_ssl-1:2.4.51-28.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.51-28.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.51-28.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools-debuginfo@2.4.51-28.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap-debuginfo@2.4.51-28.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html-debuginfo@2.4.51-28.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_session-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_session-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_session-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session-debuginfo@2.4.51-28.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl-debuginfo@2.4.51-28.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-17.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2-debuginfo@1.15.19-17.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.0-15.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md-debuginfo@2.4.0-15.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.3-19.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.3-19.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.x86_64", "product_id": "jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.83.1-6.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-0:7.83.1-6.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-libcurl-0:7.83.1-6.el8jbcs.x86_64", "product_id": "jbcs-httpd24-libcurl-0:7.83.1-6.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@7.83.1-6.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-devel-0:7.83.1-6.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-libcurl-devel-0:7.83.1-6.el8jbcs.x86_64", "product_id": "jbcs-httpd24-libcurl-devel-0:7.83.1-6.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@7.83.1-6.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "product_id": "jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@7.83.1-6.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-libcurl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "product_id": "jbcs-httpd24-libcurl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-debuginfo@7.83.1-6.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-98.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-98.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-98.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-98.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-98.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-98.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-98.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-98.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-98.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-98.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-98.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-98.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-98.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-98.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-98.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-98.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap-debuginfo@1.6.1-98.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql-debuginfo@1.6.1-98.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss-debuginfo@1.6.1-98.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc-debuginfo@1.6.1-98.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl-debuginfo@1.6.1-98.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql-debuginfo@1.6.1-98.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite-debuginfo@1.6.1-98.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster@1.3.17-9.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster-debuginfo@1.3.17-9.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.48-41.redhat_1.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24-debuginfo@1.2.48-41.redhat_1.el8jbcs?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-httpd-manual-0:2.4.51-28.el7jbcs.noarch", "product": { "name": "jbcs-httpd24-httpd-manual-0:2.4.51-28.el7jbcs.noarch", "product_id": "jbcs-httpd24-httpd-manual-0:2.4.51-28.el7jbcs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.51-28.el7jbcs?arch=noarch" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-manual-0:2.4.51-28.el8jbcs.noarch", "product": { "name": "jbcs-httpd24-httpd-manual-0:2.4.51-28.el8jbcs.noarch", "product_id": "jbcs-httpd24-httpd-manual-0:2.4.51-28.el8jbcs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.51-28.el8jbcs?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.src" }, "product_reference": "jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-devel-0:1.7.0-6.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-devel-0:1.7.0-6.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.src" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-98.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-98.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-98.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-98.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.src" }, "product_reference": "jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-brotli-devel-0:1.0.9-2.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-brotli-devel-0:1.0.9-2.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.src" }, "product_reference": "jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.src" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-devel-0:2.4.51-28.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.51-28.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-manual-0:2.4.51-28.el7jbcs.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el7jbcs.noarch" }, "product_reference": "jbcs-httpd24-httpd-manual-0:2.4.51-28.el7jbcs.noarch", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.51-28.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.51-28.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-tools-0:2.4.51-28.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.51-28.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-jansson-0:2.14-1.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.src" }, "product_reference": "jbcs-httpd24-jansson-0:2.14-1.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-jansson-0:2.14-1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-jansson-0:2.14-1.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-jansson-debuginfo-0:2.14-1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-jansson-debuginfo-0:2.14-1.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-jansson-devel-0:2.14-1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-jansson-devel-0:2.14-1.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-0:7.83.1-6.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-0:7.83.1-6.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-devel-0:7.83.1-6.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-devel-0:7.83.1-6.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.src" }, "product_reference": "jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el7jbcs.src" }, "product_reference": "jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-41.redhat_1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-41.redhat_1.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ldap-0:2.4.51-28.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.51-28.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.src" }, "product_reference": "jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.src" }, "product_reference": "jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.src" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_session-0:2.4.51-28.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_session-0:2.4.51-28.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ssl-1:2.4.51-28.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.51-28.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.src" }, "product_reference": "jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.src" }, "product_reference": "jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.src" }, "product_reference": "jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-devel-1:1.1.1k-12.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-devel-1:1.1.1k-12.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-1:1.1.1k-12.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-libs-1:1.1.1k-12.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-perl-1:1.1.1k-12.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-perl-1:1.1.1k-12.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.src" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-static-1:1.1.1k-12.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-static-1:1.1.1k-12.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.src" }, "product_reference": "jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-devel-0:1.7.0-6.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-devel-0:1.7.0-6.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.src" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-98.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-98.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-98.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-98.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-98.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-98.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-98.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-98.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-98.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-98.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-98.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-98.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-98.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-98.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-98.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-98.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-98.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-98.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.src" }, "product_reference": "jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-brotli-devel-0:1.0.9-2.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-brotli-devel-0:1.0.9-2.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.src" }, "product_reference": "jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.src" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-devel-0:2.4.51-28.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.51-28.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-manual-0:2.4.51-28.el8jbcs.noarch as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el8jbcs.noarch" }, "product_reference": "jbcs-httpd24-httpd-manual-0:2.4.51-28.el8jbcs.noarch", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.51-28.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.51-28.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-tools-0:2.4.51-28.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.51-28.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-28.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-28.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-jansson-0:2.14-1.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.src" }, "product_reference": "jbcs-httpd24-jansson-0:2.14-1.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-jansson-0:2.14-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-jansson-0:2.14-1.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-jansson-debuginfo-0:2.14-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-jansson-debuginfo-0:2.14-1.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-jansson-devel-0:2.14-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-jansson-devel-0:2.14-1.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-0:7.83.1-6.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-0:7.83.1-6.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-debuginfo-0:7.83.1-6.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.83.1-6.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-devel-0:7.83.1-6.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-devel-0:7.83.1-6.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.src" }, "product_reference": "jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el8jbcs.src" }, "product_reference": "jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-41.redhat_1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-41.redhat_1.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ldap-0:2.4.51-28.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.51-28.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-28.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-28.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.src" }, "product_reference": "jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.src" }, "product_reference": "jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-28.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-28.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.src" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_session-0:2.4.51-28.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_session-0:2.4.51-28.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_session-debuginfo-0:2.4.51-28.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-28.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_session-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ssl-1:2.4.51-28.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.51-28.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-28.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-28.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.src" }, "product_reference": "jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.src" }, "product_reference": "jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.src" }, "product_reference": "jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-devel-1:1.1.1k-12.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-devel-1:1.1.1k-12.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-1:1.1.1k-12.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-libs-1:1.1.1k-12.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-12.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-12.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-perl-1:1.1.1k-12.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-perl-1:1.1.1k-12.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.src" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-static-1:1.1.1k-12.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-static-1:1.1.1k-12.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-33193", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2021-05-27T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1966728" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference was found in Apache httpd mod_h2. The highest threat from this flaw is to system integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Request splitting via HTTP/2 method injection and mod_proxy", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-28.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33193" }, { "category": "external", "summary": "RHBZ#1966728", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966728" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33193", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33193" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33193", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33193" }, { "category": "external", "summary": "https://portswigger.net/research/http2", "url": "https://portswigger.net/research/http2" } ], "release_date": "2021-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-26T20:15:34+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-28.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7143" }, { "category": "workaround", "details": "This flaw can be mitigated by disabling HTTP/2. More information available at: https://httpd.apache.org/docs/2.4/mod/mod_http2.html", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el8jbcs.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-28.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: Request splitting via HTTP/2 method injection and mod_proxy" }, { "cve": "CVE-2021-36160", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2021-09-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2005124" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read in mod_proxy_uwsgi of httpd allows a remote unauthenticated attacker to crash the service through a crafted request. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-28.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-36160" }, { "category": "external", "summary": "RHBZ#2005124", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005124" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-36160", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36160" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-36160", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36160" } ], "release_date": "2021-09-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-26T20:15:34+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-28.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7143" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el8jbcs.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-28.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path" }, { "cve": "CVE-2021-39275", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-09-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2005119" } ], "notes": [ { "category": "description", "text": "An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Out-of-bounds write in ap_escape_quotes() via malicious input", "title": "Vulnerability summary" }, { "category": "other", "text": "No httpd module in Red Hat Enterprise Linux and Red Hat Software Collections pass untrusted data to ap_escape_quotes function, thus the Impact of the flaw has been set to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-28.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-39275" }, { "category": "external", "summary": "RHBZ#2005119", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005119" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-39275", "url": "https://www.cve.org/CVERecord?id=CVE-2021-39275" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-39275", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39275" } ], "release_date": "2021-09-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-26T20:15:34+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-28.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7143" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el8jbcs.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-28.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: Out-of-bounds write in ap_escape_quotes() via malicious input" }, { "cve": "CVE-2021-41524", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2021-10-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2010934" } ], "notes": [ { "category": "description", "text": "While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: NULL pointer dereference via crafted request during HTTP/2 request processing", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue only affects Apache HTTP Server 2.4.49 and Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP9, earlier versions are not affected. Therefore this issue does not affect the other versions of Apache HTTP Server shipped with Red Hat products.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-28.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-41524" }, { "category": "external", "summary": "RHBZ#2010934", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010934" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-41524", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41524" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41524", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41524" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2021-10-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-26T20:15:34+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-28.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7143" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-28.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: NULL pointer dereference via crafted request during HTTP/2 request processing" }, { "cve": "CVE-2021-44224", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2021-12-20T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2034672" } ], "notes": [ { "category": "description", "text": "There\u0027s a null pointer dereference and server-side request forgery flaw in httpd\u0027s mod_proxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix Domain Socket requests. In the worst case, this could cause a denial of service or compromise to confidentiality of data.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: possible NULL dereference or SSRF in forward proxy configurations", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw does not affect httpd configurations that do not use forward proxy functionality (configurations where ProxyRequests is turned off).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-28.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44224" }, { "category": "external", "summary": "RHBZ#2034672", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034672" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44224", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44224" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44224", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44224" }, { "category": "external", "summary": "http://httpd.apache.org/security/vulnerabilities_24.html", "url": "http://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2021-12-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-26T20:15:34+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-28.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7143" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-41.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-98.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-brotli-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-brotli-devel-0:1.0.9-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-jansson-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-jansson-devel-0:2.14-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.83.1-6.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-17.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-41.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-41.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-15.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.17-9.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-19.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.43.0-10.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-16.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-12.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-31.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-12.el8jbcs.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-28.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-28.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: possible NULL dereference or SSRF in forward proxy configurations" } ] }
rhsa-2022_6753
Vulnerability from csaf_redhat
Published
2022-09-29 13:33
Modified
2024-11-06 01:41
Summary
Red Hat Security Advisory: httpd24-httpd security and bug fix update
Notes
Topic
An update for httpd24-httpd is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
* httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)
* httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)
* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)
* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)
* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)
* httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)
* httpd: mod_lua: Use of uninitialized value of in r:parsebody (CVE-2022-22719)
* httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)
* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)
* httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)
* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)
* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)
* httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)
* httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)
* httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)
Additional changes:
* To fix CVE-2022-29404, the default value for the "LimitRequestBody" directive in the Apache HTTP Server has been changed from 0 (unlimited) to 1 GiB.
On systems where the value of "LimitRequestBody" is not explicitly specified in an httpd configuration file, updating the httpd package sets "LimitRequestBody" to the default value of 1 GiB. As a consequence, if the total size of the HTTP request body exceeds this 1 GiB default limit, httpd returns the 413 Request Entity Too Large error code.
If the new default allowed size of an HTTP request message body is insufficient for your use case, update your httpd configuration files within the respective context (server, per-directory, per-file, or per-location) and set your preferred limit in bytes. For example, to set a new 2 GiB limit, use:
LimitRequestBody 2147483648
Systems already configured to use any explicit value for the "LimitRequestBody" directive are unaffected by this change.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for httpd24-httpd is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)\n\n* httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)\n\n* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)\n\n* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)\n\n* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)\n\n* httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)\n\n* httpd: mod_lua: Use of uninitialized value of in r:parsebody (CVE-2022-22719)\n\n* httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)\n\n* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)\n\n* httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)\n\n* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)\n\n* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)\n\n* httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)\n\n* httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)\n\n* httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)\n\nAdditional changes:\n\n* To fix CVE-2022-29404, the default value for the \"LimitRequestBody\" directive in the Apache HTTP Server has been changed from 0 (unlimited) to 1 GiB. \n\nOn systems where the value of \"LimitRequestBody\" is not explicitly specified in an httpd configuration file, updating the httpd package sets \"LimitRequestBody\" to the default value of 1 GiB. As a consequence, if the total size of the HTTP request body exceeds this 1 GiB default limit, httpd returns the 413 Request Entity Too Large error code.\n\nIf the new default allowed size of an HTTP request message body is insufficient for your use case, update your httpd configuration files within the respective context (server, per-directory, per-file, or per-location) and set your preferred limit in bytes. For example, to set a new 2 GiB limit, use:\n\nLimitRequestBody 2147483648\n\nSystems already configured to use any explicit value for the \"LimitRequestBody\" directive are unaffected by this change.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:6753", "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/articles/6975397", "url": "https://access.redhat.com/articles/6975397" }, { "category": "external", "summary": "1966728", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966728" }, { "category": "external", "summary": "2005119", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005119" }, { "category": "external", "summary": "2005124", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005124" }, { "category": "external", "summary": "2005128", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005128" }, { "category": "external", "summary": "2034672", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034672" }, { "category": "external", "summary": "2064319", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064319" }, { "category": "external", "summary": "2064320", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064320" }, { "category": "external", "summary": "2064322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064322" }, { "category": "external", "summary": "2094997", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094997" }, { "category": "external", "summary": "2095002", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095002" }, { "category": "external", "summary": "2095006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095006" }, { "category": "external", "summary": "2095012", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095012" }, { "category": "external", "summary": "2095015", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095015" }, { "category": "external", "summary": "2095018", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095018" }, { "category": "external", "summary": "2095020", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095020" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6753.json" } ], "title": "Red Hat Security Advisory: httpd24-httpd security and bug fix update", "tracking": { "current_release_date": "2024-11-06T01:41:24+00:00", "generator": { "date": "2024-11-06T01:41:24+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2022:6753", "initial_release_date": "2022-09-29T13:33:06+00:00", "revision_history": [ { "date": "2022-09-29T13:33:06+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-09-29T13:33:06+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T01:41:24+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Software Collections for RHEL Workstation(v. 7)", "product": { "name": "Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for RHEL(v. 7)", "product": { "name": "Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } } ], "category": "product_family", "name": "Red Hat Software Collections" }, { "branches": [ { "category": "product_version", "name": "httpd24-httpd-0:2.4.34-23.el7.5.src", "product": { "name": "httpd24-httpd-0:2.4.34-23.el7.5.src", "product_id": "httpd24-httpd-0:2.4.34-23.el7.5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd@2.4.34-23.el7.5?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "product": { "name": "httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "product_id": "httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd@2.4.34-23.el7.5?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "product": { "name": "httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "product_id": "httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd-devel@2.4.34-23.el7.5?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "product": { "name": "httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "product_id": "httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd-tools@2.4.34-23.el7.5?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "product": { "name": "httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "product_id": "httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_ldap@2.4.34-23.el7.5?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "product": { "name": "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "product_id": "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_proxy_html@2.4.34-23.el7.5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "product": { "name": "httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "product_id": "httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_session@2.4.34-23.el7.5?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "product": { "name": "httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "product_id": "httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_ssl@2.4.34-23.el7.5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "product": { "name": "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "product_id": "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd-debuginfo@2.4.34-23.el7.5?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "product": { "name": "httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "product_id": "httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd-manual@2.4.34-23.el7.5?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "httpd24-httpd-0:2.4.34-23.el7.5.s390x", "product": { "name": "httpd24-httpd-0:2.4.34-23.el7.5.s390x", "product_id": "httpd24-httpd-0:2.4.34-23.el7.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd@2.4.34-23.el7.5?arch=s390x" } } }, { "category": "product_version", "name": "httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "product": { "name": "httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "product_id": "httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd-devel@2.4.34-23.el7.5?arch=s390x" } } }, { "category": "product_version", "name": "httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "product": { "name": "httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "product_id": "httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd-tools@2.4.34-23.el7.5?arch=s390x" } } }, { "category": "product_version", "name": "httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "product": { "name": "httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "product_id": "httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_ldap@2.4.34-23.el7.5?arch=s390x" } } }, { "category": "product_version", "name": "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "product": { "name": "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "product_id": "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_proxy_html@2.4.34-23.el7.5?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "product": { "name": "httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "product_id": "httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_session@2.4.34-23.el7.5?arch=s390x" } } }, { "category": "product_version", "name": "httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "product": { "name": "httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "product_id": "httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_ssl@2.4.34-23.el7.5?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "product": { "name": "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "product_id": "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd-debuginfo@2.4.34-23.el7.5?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "product": { "name": "httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "product_id": "httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd@2.4.34-23.el7.5?arch=ppc64le" } } }, { "category": "product_version", "name": "httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "product": { "name": "httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "product_id": "httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd-devel@2.4.34-23.el7.5?arch=ppc64le" } } }, { "category": "product_version", "name": "httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "product": { "name": "httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "product_id": "httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd-tools@2.4.34-23.el7.5?arch=ppc64le" } } }, { "category": "product_version", "name": "httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "product": { "name": "httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "product_id": "httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_ldap@2.4.34-23.el7.5?arch=ppc64le" } } }, { "category": "product_version", "name": "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "product": { "name": "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "product_id": "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_proxy_html@2.4.34-23.el7.5?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "product": { "name": "httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "product_id": "httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_session@2.4.34-23.el7.5?arch=ppc64le" } } }, { "category": "product_version", "name": "httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "product": { "name": "httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "product_id": "httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_ssl@2.4.34-23.el7.5?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "product": { "name": "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "product_id": "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd-debuginfo@2.4.34-23.el7.5?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le" }, "product_reference": "httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x" }, "product_reference": "httpd24-httpd-0:2.4.34-23.el7.5.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.34-23.el7.5.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src" }, "product_reference": "httpd24-httpd-0:2.4.34-23.el7.5.src", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64" }, "product_reference": "httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le" }, "product_reference": "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x" }, "product_reference": "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64" }, "product_reference": "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le" }, "product_reference": "httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x" }, "product_reference": "httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64" }, "product_reference": "httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch" }, "product_reference": "httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le" }, "product_reference": "httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x" }, "product_reference": "httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64" }, "product_reference": "httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le" }, "product_reference": "httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x" }, "product_reference": "httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64" }, "product_reference": "httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le" }, "product_reference": "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x" }, "product_reference": "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64" }, "product_reference": "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le" }, "product_reference": "httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_session-0:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x" }, "product_reference": "httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_session-0:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64" }, "product_reference": "httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le" }, "product_reference": "httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x" }, "product_reference": "httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" }, "product_reference": "httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le" }, "product_reference": "httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x" }, "product_reference": "httpd24-httpd-0:2.4.34-23.el7.5.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.34-23.el7.5.src as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src" }, "product_reference": "httpd24-httpd-0:2.4.34-23.el7.5.src", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64" }, "product_reference": "httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le" }, "product_reference": "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x" }, "product_reference": "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64" }, "product_reference": "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le" }, "product_reference": "httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x" }, "product_reference": "httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64" }, "product_reference": "httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch" }, "product_reference": "httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le" }, "product_reference": "httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x" }, "product_reference": "httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64" }, "product_reference": "httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le" }, "product_reference": "httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x" }, "product_reference": "httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64" }, "product_reference": "httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le" }, "product_reference": "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x" }, "product_reference": "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64" }, "product_reference": "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le" }, "product_reference": "httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_session-0:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x" }, "product_reference": "httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_session-0:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64" }, "product_reference": "httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le" }, "product_reference": "httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x" }, "product_reference": "httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" }, "product_reference": "httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-33193", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2021-05-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1966728" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference was found in Apache httpd mod_h2. The highest threat from this flaw is to system integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Request splitting via HTTP/2 method injection and mod_proxy", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33193" }, { "category": "external", "summary": "RHBZ#1966728", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966728" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33193", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33193" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33193", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33193" }, { "category": "external", "summary": "https://portswigger.net/research/http2", "url": "https://portswigger.net/research/http2" } ], "release_date": "2021-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-29T13:33:06+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "category": "workaround", "details": "This flaw can be mitigated by disabling HTTP/2. More information available at: https://httpd.apache.org/docs/2.4/mod/mod_http2.html", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: Request splitting via HTTP/2 method injection and mod_proxy" }, { "cve": "CVE-2021-34798", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2021-09-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2005128" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference in httpd allows an unauthenticated remote attacker to crash httpd by providing malformed HTTP requests. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: NULL pointer dereference via malformed requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-34798" }, { "category": "external", "summary": "RHBZ#2005128", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005128" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-34798", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34798" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34798", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34798" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2021-09-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-29T13:33:06+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: NULL pointer dereference via malformed requests" }, { "cve": "CVE-2021-36160", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2021-09-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2005124" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read in mod_proxy_uwsgi of httpd allows a remote unauthenticated attacker to crash the service through a crafted request. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-36160" }, { "category": "external", "summary": "RHBZ#2005124", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005124" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-36160", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36160" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-36160", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36160" } ], "release_date": "2021-09-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-29T13:33:06+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path" }, { "cve": "CVE-2021-39275", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-09-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2005119" } ], "notes": [ { "category": "description", "text": "An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Out-of-bounds write in ap_escape_quotes() via malicious input", "title": "Vulnerability summary" }, { "category": "other", "text": "No httpd module in Red Hat Enterprise Linux and Red Hat Software Collections pass untrusted data to ap_escape_quotes function, thus the Impact of the flaw has been set to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-39275" }, { "category": "external", "summary": "RHBZ#2005119", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005119" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-39275", "url": "https://www.cve.org/CVERecord?id=CVE-2021-39275" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-39275", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39275" } ], "release_date": "2021-09-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-29T13:33:06+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: Out-of-bounds write in ap_escape_quotes() via malicious input" }, { "cve": "CVE-2021-44224", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2021-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2034672" } ], "notes": [ { "category": "description", "text": "There\u0027s a null pointer dereference and server-side request forgery flaw in httpd\u0027s mod_proxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix Domain Socket requests. In the worst case, this could cause a denial of service or compromise to confidentiality of data.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: possible NULL dereference or SSRF in forward proxy configurations", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw does not affect httpd configurations that do not use forward proxy functionality (configurations where ProxyRequests is turned off).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44224" }, { "category": "external", "summary": "RHBZ#2034672", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034672" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44224", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44224" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44224", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44224" }, { "category": "external", "summary": "http://httpd.apache.org/security/vulnerabilities_24.html", "url": "http://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2021-12-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-29T13:33:06+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: possible NULL dereference or SSRF in forward proxy configurations" }, { "cve": "CVE-2022-22719", "cwe": { "id": "CWE-908", "name": "Use of Uninitialized Resource" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064322" } ], "notes": [ { "category": "description", "text": "A flaw was found in the mod_lua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_lua: Use of uninitialized value of in r:parsebody", "title": "Vulnerability summary" }, { "category": "other", "text": "httpd as shipped with Red Hat Enterprise Linux 6, is not affected by this flaw because it does not ship mod_lua.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22719" }, { "category": "external", "summary": "RHBZ#2064322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064322" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22719", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22719" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22719", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22719" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22719", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22719" } ], "release_date": "2022-03-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-29T13:33:06+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "category": "workaround", "details": "Disabling mod_lua and restarting httpd will mitigate this flaw. See https://access.redhat.com/articles/10649 for more information.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_lua: Use of uninitialized value of in r:parsebody" }, { "cve": "CVE-2022-22721", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064320" } ], "notes": [ { "category": "description", "text": "A flaw was found in httpd, where it incorrectly limits the value of the LimitXMLRequestBody option. This issue can lead to an integer overflow and later causes an out-of-bounds write.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody", "title": "Vulnerability summary" }, { "category": "other", "text": "The default configuration of the LimitXMLRequestBody option on RHEL is 1MB and therefore is not vulnerable to this flaw. Also, this issue is known to only affect 32bit httpd builds.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22721" }, { "category": "external", "summary": "RHBZ#2064320", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064320" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22721", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22721" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22721", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22721" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22721", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22721" } ], "release_date": "2022-03-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-29T13:33:06+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "category": "workaround", "details": "Set the LimitXMLRequestBody option to a value smaller than 350MB. Setting it to 0 is not recommended as it will use a hard limit (depending on 32bit or 64bit systems) which may result in an overall system out-of-memory. The default configuration is not vulnerable to this flaw, see the statement above.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody" }, { "cve": "CVE-2022-23943", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064319" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read/write vulnerability was found in the mod_sed module of httpd. This flaw allows an attacker to overwrite the memory of an httpd instance that is using mod_sed with data provided by the attacker.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_sed: Read/write beyond bounds", "title": "Vulnerability summary" }, { "category": "other", "text": "The `mod_sed` module is disabled by default on Red Hat Enterprise Linux 7 and 8. For this reason, the flaw has been rated as having a security impact of Moderate. The httpd package as shipped with Red Hat Enterprise Linux 6 is not affected by this flaw because the `mod_sed` module is available only in httpd 2.3 and later.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23943" }, { "category": "external", "summary": "RHBZ#2064319", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064319" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23943", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23943" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23943", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23943" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-23943", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-23943" } ], "release_date": "2022-03-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-29T13:33:06+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "category": "workaround", "details": "Disabling mod_sed and restarting httpd will mitigate this flaw. See https://access.redhat.com/articles/10649 for more information.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_sed: Read/write beyond bounds" }, { "cve": "CVE-2022-26377", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-06-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2094997" } ], "notes": [ { "category": "description", "text": "An HTTP request smuggling vulnerability was found in the mod_proxy_ajp module of httpd. This flaw allows an attacker to smuggle requests to the AJP server, where it forwards requests.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_proxy_ajp: Possible request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "The httpd mod_proxy_ajp module is enabled by default on Red Hat Enterprise Linux 8, 9, and in RHSCL. However, there are no directives forwarding requests using the AJP protocol.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-26377" }, { "category": "external", "summary": "RHBZ#2094997", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094997" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-26377", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26377" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26377", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26377" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-26377", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-26377" } ], "release_date": "2022-06-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-29T13:33:06+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "category": "workaround", "details": "Disabling mod_proxy_ajp and restarting httpd will mitigate this flaw.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_proxy_ajp: Possible request smuggling" }, { "cve": "CVE-2022-28614", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2022-06-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2095002" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read vulnerability was found in httpd. A very large input to the ap_rputs and ap_rwrite functions can lead to an integer overflow and result in an out-of-bounds read.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Out-of-bounds read via ap_rwrite()", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-28614" }, { "category": "external", "summary": "RHBZ#2095002", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095002" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28614", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28614" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28614", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28614" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28614", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28614" } ], "release_date": "2022-06-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-29T13:33:06+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6753" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: Out-of-bounds read via ap_rwrite()" }, { "cve": "CVE-2022-28615", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2022-06-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2095006" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read vulnerability was found in httpd. A very large input to the ap_strcmp_match function can lead to an integer overflow and result in an out-of-bounds read.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Out-of-bounds read in ap_strcmp_match()", "title": "Vulnerability summary" }, { "category": "other", "text": "According to upstream, no code distributed with the httpd server can exploit this flaw, however, third-party modules or Lua scripts that use the ap_strcmp_match function could potentially be affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-28615" }, { "category": "external", "summary": "RHBZ#2095006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095006" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28615", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28615" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28615", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28615" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28615", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28615" } ], "release_date": "2022-06-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-29T13:33:06+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6753" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: Out-of-bounds read in ap_strcmp_match()" }, { "cve": "CVE-2022-29404", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-06-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2095012" } ], "notes": [ { "category": "description", "text": "A flaw was found in the mod_lua module of httpd. A malicious request to a Lua script that calls parsebody(0) can lead to a denial of service due to no default limit on the possible input size.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_lua: DoS in r:parsebody", "title": "Vulnerability summary" }, { "category": "other", "text": "httpd as shipped with Red Hat Enterprise Linux 6, is not affected by this flaw because it does not ship mod_lua.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29404" }, { "category": "external", "summary": "RHBZ#2095012", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095012" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29404", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29404" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29404", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29404" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-29404", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-29404" } ], "release_date": "2022-06-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-29T13:33:06+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "category": "workaround", "details": "Disabling mod_lua and restarting httpd will mitigate this flaw.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_lua: DoS in r:parsebody" }, { "cve": "CVE-2022-30522", "cwe": { "id": "CWE-789", "name": "Memory Allocation with Excessive Size Value" }, "discovery_date": "2022-06-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2095015" } ], "notes": [ { "category": "description", "text": "A flaw was found in the mod_sed module of httpd. A very large input to the mod_sed module can result in a denial of service due to excessively large memory allocations.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_sed: DoS vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "The mod_sed module is disabled by default on Red Hat Enterprise Linux 7 and 8. The httpd package as shipped with Red Hat Enterprise Linux 6 is not affected by this flaw because the mod_sed module is not available.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30522" }, { "category": "external", "summary": "RHBZ#2095015", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095015" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30522", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30522" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30522", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30522" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30522", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30522" } ], "release_date": "2022-06-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-29T13:33:06+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "category": "workaround", "details": "Disabling mod_sed and restating httpd will mitigate this flaw.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_sed: DoS vulnerability" }, { "cve": "CVE-2022-30556", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2022-06-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2095018" } ], "notes": [ { "category": "description", "text": "A flaw was found in the mod_lua module of httpd. The data returned by the wsread function may point past the end of the storage allocated for the buffer, resulting in information disclosure.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_lua: Information disclosure with websockets", "title": "Vulnerability summary" }, { "category": "other", "text": "httpd as shipped with Red Hat Enterprise Linux 6, is not affected by this flaw because it does not ship mod_lua. Red Hat Enterprise Linux 7 is not affected by this flaw because the wsread function is not available.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30556" }, { "category": "external", "summary": "RHBZ#2095018", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095018" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30556", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30556" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30556", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30556" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30556", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30556" } ], "release_date": "2022-06-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-29T13:33:06+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "category": "workaround", "details": "Disabling mod_lua and restarting httpd will mitigate this flaw.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_lua: Information disclosure with websockets" }, { "cve": "CVE-2022-31813", "cwe": { "id": "CWE-348", "name": "Use of Less Trusted Source" }, "discovery_date": "2022-06-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2095020" } ], "notes": [ { "category": "description", "text": "A flaw was found in the mod_proxy module of httpd. The server may remove the X-Forwarded-* headers from a request based on the client-side Connection header hop-by-hop mechanism.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31813" }, { "category": "external", "summary": "RHBZ#2095020", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095020" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31813", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31813" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31813", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31813" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-31813", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-31813" } ], "release_date": "2022-06-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-29T13:33:06+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism" } ] }
wid-sec-w-2022-0722
Vulnerability from csaf_certbund
Published
2021-08-16 22:00
Modified
2023-03-05 23:00
Summary
Apache HTTP Server: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Apache ist ein Webserver für verschiedene Plattformen.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache HTTP Server ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- CISCO Appliance
- Sonstiges
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Apache ist ein Webserver f\u00fcr verschiedene Plattformen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache HTTP Server ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows\n- CISCO Appliance\n- Sonstiges", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-0722 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-0722.json" }, { "category": "self", "summary": "WID-SEC-2022-0722 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0722" }, { "category": "external", "summary": "Debian Security Advisory DLA-3351 vom 2023-03-03", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00002.html" }, { "category": "external", "summary": "NIST Vulnerability Database vom 2021-08-16", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33193" }, { "category": "external", "summary": "github Apache", "url": "https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c.patch" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:2918-1 vom 2021-09-02", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009388.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:2954-1 vom 2021-09-03", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009405.html" }, { "category": "external", "summary": "NetApp Security Advisory NTAP-20210917-0004 vom 2021-09-17", "url": "https://security.netapp.com/advisory/ntap-20210917-0004/" }, { "category": "external", "summary": "Ubuntu Security Notice USN-5090-1 vom 2021-09-27", "url": "https://ubuntu.com/security/notices/USN-5090-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-5090-4 vom 2021-09-28", "url": "https://ubuntu.com/security/notices/USN-5090-4" }, { "category": "external", "summary": "Ubuntu Security Notice USN-5090-3 vom 2021-09-28", "url": "https://ubuntu.com/security/notices/USN-5090-3" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:3335-1 vom 2021-10-12", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-October/009564.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2021-1543 vom 2021-10-15", "url": "https://alas.aws.amazon.com/ALAS-2021-1543.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2021-1716 vom 2021-10-15", "url": "https://alas.aws.amazon.com/AL2/ALAS-2021-1716.html" }, { "category": "external", "summary": "Cisco Security Advisory CISCO-SA-APACHE-HTTPD-2 vom 2021-11-24", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ" }, { "category": "external", "summary": "Cisco Security Advisory CISCO-SA-APACHE-HTTPD-2.4.49-VWL69SWQ vom 2021-12-21", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-1915 vom 2022-05-17", "url": "https://linux.oracle.com/errata/ELSA-2022-1915.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-9276 vom 2022-04-13", "url": "http://linux.oracle.com/errata/ELSA-2022-9276.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:1915 vom 2022-05-10", "url": "https://access.redhat.com/errata/RHSA-2022:1915" }, { "category": "external", "summary": "AVAYA Security Advisory ASA-2022-053 vom 2022-07-18", "url": "https://downloads.avaya.com/css/P8/documents/101082704" }, { "category": "external", "summary": "Gentoo Linux Security Advisory GLSA-202208-20 vom 2022-08-14", "url": "https://security.gentoo.org/glsa/202208-20" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6753 vom 2022-09-29", "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7144 vom 2022-10-27", "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-7647 vom 2022-11-15", "url": "https://linux.oracle.com/errata/ELSA-2022-7647.html" }, { "category": "external", "summary": "IBM Security Bulletin 6840311 vom 2022-11-19", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-http-cve-2021-33193-and-cve-2021-44224-affects-power-hmc/" } ], "source_lang": "en-US", "title": "Apache HTTP Server: Schwachstelle erm\u00f6glicht Denial of Service", "tracking": { "current_release_date": "2023-03-05T23:00:00.000+00:00", "generator": { "date": "2024-02-15T16:53:15.200+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-0722", "initial_release_date": "2021-08-16T22:00:00.000+00:00", "revision_history": [ { "date": "2021-08-16T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2021-09-02T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2021-09-05T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2021-09-19T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von NetApp aufgenommen" }, { "date": "2021-09-27T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2021-09-28T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2021-10-06T22:00:00.000+00:00", "number": "7", "summary": "Referenz(en) aufgenommen: FEDORA-2021-5D2D4B6AC5" }, { "date": "2021-10-07T22:00:00.000+00:00", "number": "8", "summary": "Referenz(en) aufgenommen: FEDORA-2021-F94985AFCA" }, { "date": "2021-10-12T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2021-10-17T22:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2021-11-24T23:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Cisco aufgenommen" }, { "date": "2021-12-20T23:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Cisco aufgenommen" }, { "date": "2022-04-13T22:00:00.000+00:00", "number": "13", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2022-05-10T22:00:00.000+00:00", "number": "14", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-05-17T22:00:00.000+00:00", "number": "15", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2022-07-19T22:00:00.000+00:00", "number": "16", "summary": "Neue Updates von AVAYA aufgenommen" }, { "date": "2022-08-14T22:00:00.000+00:00", "number": "17", "summary": "Neue Updates von Gentoo aufgenommen" }, { "date": "2022-09-29T22:00:00.000+00:00", "number": "18", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-10-26T22:00:00.000+00:00", "number": "19", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-11-15T23:00:00.000+00:00", "number": "20", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2022-11-20T23:00:00.000+00:00", "number": "21", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2023-03-05T23:00:00.000+00:00", "number": "22", "summary": "Neue Updates von Debian aufgenommen" } ], "status": "final", "version": "22" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Apache HTTP Server 2.4.17 - 2.4.48", "product": { "name": "Apache HTTP Server 2.4.17 - 2.4.48", "product_id": "T020167", "product_identification_helper": { "cpe": "cpe:/a:apache:http_server:2.4.17_-_2.4.48" } } } ], "category": "vendor", "name": "Apache" }, { "branches": [ { "category": "product_name", "name": "Avaya Aura Application Enablement Services", "product": { "name": "Avaya Aura Application Enablement Services", "product_id": "T015516", "product_identification_helper": { "cpe": "cpe:/a:avaya:aura_application_enablement_services:-" } } }, { "category": "product_name", "name": "Avaya Aura Communication Manager", "product": { "name": "Avaya Aura Communication Manager", "product_id": "T015126", "product_identification_helper": { "cpe": "cpe:/a:avaya:communication_manager:-" } } }, { "category": "product_name", "name": "Avaya Aura Experience Portal", "product": { "name": "Avaya Aura Experience Portal", "product_id": "T015519", "product_identification_helper": { "cpe": "cpe:/a:avaya:aura_experience_portal:-" } } }, { "category": "product_name", "name": "Avaya Aura Session Manager", "product": { "name": "Avaya Aura Session Manager", "product_id": "T015127", "product_identification_helper": { "cpe": "cpe:/a:avaya:session_manager:-" } } }, { "category": "product_name", "name": "Avaya Aura System Manager", "product": { "name": "Avaya Aura System Manager", "product_id": "T015518", "product_identification_helper": { "cpe": "cpe:/a:avaya:aura_system_manager:-" } } } ], "category": "vendor", "name": "Avaya" }, { "branches": [ { "category": "product_name", "name": "Cisco Expressway", "product": { "name": "Cisco Expressway", "product_id": "T014329", "product_identification_helper": { "cpe": "cpe:/a:cisco:expressway_software:-" } } }, { "category": "product_name", "name": "Cisco FXOS", "product": { "name": "Cisco FXOS", "product_id": "660564", "product_identification_helper": { "cpe": "cpe:/o:cisco:fxos:-" } } }, { "category": "product_name", "name": "Cisco Firepower", "product": { "name": "Cisco Firepower", "product_id": "T011337", "product_identification_helper": { "cpe": "cpe:/a:cisco:firepower:-" } } }, { "category": "product_name", "name": "Cisco Prime Collaboration Provisioning", "product": { "name": "Cisco Prime Collaboration Provisioning", "product_id": "T021406", "product_identification_helper": { "cpe": "cpe:/a:cisco:prime_collaboration:::provisioning" } } }, { "category": "product_name", "name": "Cisco Prime Infrastructure", "product": { "name": "Cisco Prime Infrastructure", "product_id": "T000756", "product_identification_helper": { "cpe": "cpe:/a:cisco:prime_infrastructure:-" } } }, { "category": "product_name", "name": "Cisco Security Manager (CSM)", "product": { "name": "Cisco Security Manager (CSM)", "product_id": "95918", "product_identification_helper": { "cpe": "cpe:/a:cisco:security_manager:-" } } }, { "category": "product_name", "name": "Cisco Unified Computing System (UCS)", "product": { "name": "Cisco Unified Computing System (UCS)", "product_id": "163824", "product_identification_helper": { "cpe": "cpe:/h:cisco:unified_computing_system:-" } } }, { "category": "product_name", "name": "Cisco Wide Area Application Services", "product": { "name": "Cisco Wide Area Application Services", "product_id": "2186", "product_identification_helper": { "cpe": "cpe:/a:cisco:wide_area_application_services:-" } } } ], "category": "vendor", "name": "Cisco" }, { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "Gentoo Linux", "product": { "name": "Gentoo Linux", "product_id": "T012167", "product_identification_helper": { "cpe": "cpe:/o:gentoo:linux:-" } } } ], "category": "vendor", "name": "Gentoo" }, { "branches": [ { "category": "product_name", "name": "IBM Power Hardware Management Console", "product": { "name": "IBM Power Hardware Management Console", "product_id": "5114", "product_identification_helper": { "cpe": "cpe:/a:ibm:hardware_management_console:-" } } } ], "category": "vendor", "name": "IBM" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-33193", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Apache HTTP Server. Eine \u00fcber HTTP/2 gesendete methode wird nur ungen\u00fcgend validiert und von mod_proxy weitergeleitet, was zu einem Request Splitting oder Cache Poisoning f\u00fchren und in der Folge zu einem Denial of Service f\u00fchren kann. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen." } ], "product_status": { "known_affected": [ "163824", "T015519", "T015518", "67646", "T014329", "T015516", "T011337", "5114", "T015127", "2186", "T015126", "T012167", "T004914", "T000756", "T020167", "2951", "T002207", "T021406", "T000126", "660564", "95918", "398363" ] }, "release_date": "2021-08-16T22:00:00Z", "title": "CVE-2021-33193" } ] }
ghsa-p9fg-6rr5-38xc
Vulnerability from github
Published
2022-05-24 19:11
Modified
2022-05-24 19:11
Severity ?
Details
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
{ "affected": [], "aliases": [ "CVE-2021-33193" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2021-08-16T08:15:00Z", "severity": "HIGH" }, "details": "A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.", "id": "GHSA-p9fg-6rr5-38xc", "modified": "2022-05-24T19:11:19Z", "published": "2022-05-24T19:11:19Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33193" }, { "type": "WEB", "url": "https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c.patch" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00002.html" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG" }, { "type": "WEB", "url": "https://portswigger.net/research/http2" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/202208-20" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20210917-0004" }, { "type": "WEB", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "type": "WEB", "url": "https://www.tenable.com/security/tns-2021-17" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.