cve-2022-48279
Vulnerability from cvelistv5
Published
2023-01-20 00:00
Modified
2024-08-03 15:10
Summary
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.
References
rhsa-2023_4629
Vulnerability from csaf_redhat
Published
2023-08-15 17:43
Modified
2024-11-22 23:46
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update
Notes
Topic
An update is now available for Red Hat JBoss Core Services.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.
Security Fix(es):
* apr-util: integer overflow/wraparound in apr_encode (CVE-2022-24963)
* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760)
* httpd: mod_proxy: HTTP response splitting (CVE-2022-37436)
* mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass (CVE-2022-48279)
* modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass (CVE-2023-24021)
* httpd: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522)
* curl: use after free in SSH sha256 fingerprint check (CVE-2023-28319)
* curl: IDN wildcard match may lead to Improper Certificate Validation (CVE-2023-28321)
* curl: more POST-after-PUT confusion (CVE-2023-28322)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
"pkg:rpm/redhat/jbcs-httpd24-mod_md-debuginfo@2.4.0-25.el7jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster@1.3.19-4.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster-debuginfo@1.3.19-4.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.3-29.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.3-29.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "product_id": "jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@8.2.1-1.el8jbcs?arch=x86_64" } } }, { 
"category": "product_version", "name": "jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", "product_id": "jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@8.2.1-1.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64", "product_id": "jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@8.2.1-1.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "product_id": "jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@8.2.1-1.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "product_id": "jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-debuginfo@8.2.1-1.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.7.0-8.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64", 
"product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.7.0-8.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.7.0-8.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-102.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-102.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-102.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-102.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": 
"jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-102.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-102.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-102.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-102.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-102.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "product": { "name": 
"jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-102.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap-debuginfo@1.6.1-102.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql-debuginfo@1.6.1-102.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss-debuginfo@1.6.1-102.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc-debuginfo@1.6.1-102.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": 
"jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl-debuginfo@1.6.1-102.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql-debuginfo@1.6.1-102.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite-debuginfo@1.6.1-102.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.57-5.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.57-5.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": 
"jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.57-5.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.57-5.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.57-5.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.57-5.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.57-5.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "product_id": 
"jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.57-5.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.57-5.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools-debuginfo@2.4.57-5.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap-debuginfo@2.4.57-5.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html-debuginfo@2.4.57-5.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "product_id": 
"jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session-debuginfo@2.4.57-5.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl-debuginfo@2.4.57-5.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-28.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2-debuginfo@1.15.19-28.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.48-51.redhat_1.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "product_id": 
"jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24-debuginfo@1.2.48-51.redhat_1.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.0-25.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md-debuginfo@2.4.0-25.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster@1.3.19-4.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster-debuginfo@1.3.19-4.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64", "product_id": 
"jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.3-29.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.3-29.el8jbcs?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "product": { "name": "jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "product_id": "jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.57-5.el7jbcs?arch=noarch" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "product": { "name": "jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "product_id": "jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.57-5.el8jbcs?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src" }, "product_reference": "jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64 as a component of Red Hat JBoss Core 
Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": 
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on 
RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src" }, "product_reference": "jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", 
"product_id": "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": 
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch" }, "product_reference": "jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": 
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src" }, "product_reference": "jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src" }, "product_reference": "jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", 
"product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src" }, "product_reference": "jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", 
"product_id": "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src" }, "product_reference": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src as 
a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src as a component of Red 
Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src" }, "product_reference": "jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64" }, "product_reference": 
"jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64" }, 
"product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": 
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64 as a 
component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src" }, "product_reference": "jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": 
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch" }, "product_reference": "jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64" }, "product_reference": 
"jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64" }, "product_reference": 
"jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src" }, "product_reference": "jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src" }, "product_reference": "jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64" }, "product_reference": 
"jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src" }, "product_reference": "jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64" }, "product_reference": 
"jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src" }, "product_reference": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64" }, 
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64" }, 
"product_reference": "jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-24963", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2023-02-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2169465" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.", "title": "Vulnerability description" }, { "category": "summary", "text": "apr: integer overflow/wraparound in apr_encode", "title": "Vulnerability summary" }, { "category": "other", "text": "Versions of \"apr-util\" shipped with Red Hat Enterprise Linux-6, 7, 8, and 9 are not affected. \"apr_encode_*\" API, which contains the affected code was added in apr-utils v1.7.0, whereas, RHEL ships apr-util v1.6.1 and lower.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src", 
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24963" }, { "category": "external", "summary": "RHBZ#2169465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169465" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24963", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24963" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24963", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24963" }, { "category": "external", "summary": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9", "url": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9" } ], "release_date": "2023-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-08-15T17:43:48+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4629" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apr: integer overflow/wraparound in apr_encode" }, { "cve": "CVE-2022-36760", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2023-01-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src", 
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src", 
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2161777" } ], "notes": [ { "category": "description", "text": "A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forwards requests.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_proxy_ajp: Possible request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects configurations with mod_proxy_ajp loaded and with an AJP backend configured. If there is no proxy configured to an AJP backend the server is not affected and no further mitigation is needed. 
For more information about the mitigation, check the mitigation section below.\n\nThe httpd mod_proxy_ajp module is enabled by default on Red Hat Enterprise Linux 6, 7, 8, 9, and in RHSCL. However, there are no directives forwarding requests using the AJP protocol.\n\nThis flaw has been rated as having a security impact of moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-36760" }, { "category": "external", "summary": "RHBZ#2161777", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161777" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-36760", "url": "https://www.cve.org/CVERecord?id=CVE-2022-36760" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-36760", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36760" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-36760", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-36760" } ], "release_date": "2023-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-08-15T17:43:48+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4629" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_proxy_ajp: Possible request smuggling" }, { "cve": "CVE-2022-37436", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2023-01-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ 
"7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2161773" } ], "notes": [ { "category": "description", "text": "A flaw was found in the mod_proxy module of httpd. 
A malicious backend can cause the response headers to be truncated because they are not cleaned when an error is found while reading them, resulting in some headers being incorporated into the response body and not being interpreted by a client.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_proxy: HTTP response splitting", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is only exploitable via bad headers generated by a malicious backend or a malicious application.\n\nhttpd as shipped in Red Hat Enterprise Linux 7, 8, 9 and in RHSCL is vulnerable to this flaw. httpd as shipped in Red Hat Enterprise Linux 6 is not affected.\n\nThis flaw has been rated as having a security impact of moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src", 
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-37436" }, { "category": "external", "summary": "RHBZ#2161773", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161773" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37436", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37436" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37436", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37436" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-37436", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-37436" } ], "release_date": "2023-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-08-15T17:43:48+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src", 
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4629" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat 
Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. It\u0027s recommended to update the affected packages as soon as an update is available.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_proxy: HTTP response splitting" }, { "cve": "CVE-2022-48279", "cwe": { "id": "CWE-1389", "name": "Incorrect Parsing of Numbers with Different Radices" }, "discovery_date": "2023-01-24T00:00:00+00:00", "flags": [ { "label": 
"vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2163622" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in ModSecurity. This issue occurs when HTTP multipart requests are incorrectly parsed and could bypass the Web Application Firewall. 
NOTE: This is related to CVE-2022-39956, but can be considered independent changes to the ModSecurity (C language) codebase.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2022-48279" }, { "category": "external", "summary": "RHBZ#2163622", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163622" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-48279", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48279" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-48279", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48279" } ], "release_date": "2023-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-08-15T17:43:48+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4629" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass" }, { "cve": "CVE-2023-24021", "cwe": { "id": "CWE-402", "name": "Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)" }, "discovery_date": "2023-01-24T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2163615" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in ModSecurity. 
This issue occurs when FILES_TMP_CONTENT lacks complete content, which can lead to a Web Application Firewall bypass.", "title": "Vulnerability description" }, { "category": "summary", "text": "modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2023-24021" }, { "category": "external", "summary": "RHBZ#2163615", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163615" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24021", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24021" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24021", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24021" } ], "release_date": "2023-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-08-15T17:43:48+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4629" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass" }, { "cve": "CVE-2023-27522", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2023-03-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src", 
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2176211" } ], "notes": [ { "category": "description", "text": "An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via mod_proxy_uwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_proxy_uwsgi HTTP response splitting", "title": "Vulnerability summary" }, { "category": "other", "text": "The HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi has been categorized as moderate severity for Red Hat Enterprise Linux due to several technical factors. While the potential impact of this vulnerability is significant, its exploitation requires specific conditions, including the presence of mod_proxy_uwsgi and the ability to inject specially crafted headers into requests. Additionally, successful exploitation depends on the specific configuration of the server and the network environment. Furthermore, the vulnerability primarily affects the integrity and reliability of HTTP responses, rather than directly leading to remote code execution or unauthorized access. 
Therefore, the likelihood of exploitation and the potential impact on affected systems have been evaluated as moderate, warranting attention and remediation but not categorized as important.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src", 
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27522" }, { "category": "external", "summary": "RHBZ#2176211", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2176211" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27522", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27522" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27522", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27522" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2023-03-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-08-15T17:43:48+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4629" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src", 
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_proxy_uwsgi HTTP response splitting" }, { "acknowledgments": [ { "names": [ "Wei Chong Tan", "Daniel Stenberg" ] } ], "cve": "CVE-2023-28319", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2023-05-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src", 
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2196778" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in the Curl package. 
This flaw risks inserting sensitive heap-based data into the error message that users might see or is otherwise leaked and revealed.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: use after free in SSH sha256 fingerprint check", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability does not affect the Curl package as shipped in Red Hat Enterprise Linux 6, 7, 8 and 9.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-28319" }, { "category": "external", "summary": "RHBZ#2196778", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196778" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-28319", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28319" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2023-28319.html", "url": "https://curl.se/docs/CVE-2023-28319.html" } ], "release_date": "2023-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-08-15T17:43:48+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4629" } ], "scores": [ { 
"cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "curl: use after free in SSH sha256 fingerprint check" }, { "acknowledgments": [ { "names": [ "Hiroki Kurosawa", "Daniel Stenberg" ] } ], "cve": "CVE-2023-28321", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2023-05-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2196786" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: IDN wildcard match may lead to Improper Cerificate Validation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-28321" }, { "category": "external", "summary": "RHBZ#2196786", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196786" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-28321", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28321" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28321", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28321" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2023-28321.html", "url": "https://curl.se/docs/CVE-2023-28321.html" } ], "release_date": "2023-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-08-15T17:43:48+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, 
"url": "https://access.redhat.com/errata/RHSA-2023:4629" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "curl: IDN wildcard match may lead to Improper Cerificate Validation" }, { "acknowledgments": [ { "names": [ "Hiroki Kurosawa", "Daniel Stenberg" ] } ], "cve": "CVE-2023-28322", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2023-05-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64", 
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2196793" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: more POST-after-PUT confusion", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src", 
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src", 
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-28322" }, { "category": "external", "summary": "RHBZ#2196793", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196793" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-28322", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28322" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28322", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28322" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2023-28322.html", "url": "https://curl.se/docs/CVE-2023-28322.html" } ], "release_date": "2023-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-08-15T17:43:48+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", 
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4629" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "curl: more POST-after-PUT confusion" } ] }
rhsa-2023_4628
Vulnerability from csaf_redhat
Published
2023-08-15 17:37
Modified
2024-11-22 23:56
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update
Notes
Topic
Red Hat JBoss Core Services Apache HTTP Server 2.4.57 is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* apr-util: integer overflow/wraparound in apr_encode (CVE-2022-24963)
* apr-util: Windows out-of-bounds write in apr_socket_sendv function (CVE-2022-28331)
* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760)
* httpd: mod_proxy: HTTP response splitting (CVE-2022-37436)
* mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass (CVE-2022-48279)
* modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass (CVE-2023-24021)
* httpd: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522)
* curl: use after free in SSH sha256 fingerprint check (CVE-2023-28319)
* curl: IDN wildcard match may lead to Improper Certificate Validation (CVE-2023-28321)
* libxml2: NULL dereference in xmlSchemaFixupComplexType (CVE-2023-28484)
* libxml2: Hashing of empty dict strings isn't deterministic (CVE-2023-29469)
* curl: more POST-after-PUT confusion (CVE-2023-28322)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat JBoss Core Services Apache HTTP Server 2.4.57 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* apr-util: integer overflow/wraparound in apr_encode (CVE-2022-24963)\n\n* apr-util: Windows out-of-bounds write in apr_socket_sendv function (CVE-2022-28331)\n\n* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760)\n\n* httpd: mod_proxy: HTTP response splitting (CVE-2022-37436)\n\n* mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass (CVE-2022-48279)\n\n* modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass (CVE-2023-24021)\n\n* 
httpd: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522)\n\n* curl: use after free in SSH sha256 fingerprint check (CVE-2023-28319)\n\n* curl: IDN wildcard match may lead to Improper Cerificate Validation (CVE-2023-28321)\n\n* libxml2: NULL dereference in xmlSchemaFixupComplexType (CVE-2023-28484)\n\n* libxml2: Hashing of empty dict strings isn\u0027t deterministic (CVE-2023-29469)\n\n* curl: more POST-after-PUT confusion (CVE-2023-28322)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:4628", "url": "https://access.redhat.com/errata/RHSA-2023:4628" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2161773", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161773" }, { "category": "external", "summary": "2161777", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161777" }, { "category": "external", "summary": "2163615", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2163615" }, { "category": "external", "summary": "2163622", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163622" }, { "category": "external", "summary": "2169465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169465" }, { "category": "external", "summary": "2172556", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172556" }, { "category": "external", "summary": "2176211", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176211" }, { "category": "external", "summary": "2185984", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185984" }, { "category": "external", "summary": "2185994", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185994" }, { "category": "external", "summary": "2196778", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196778" }, { "category": "external", "summary": "2196786", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196786" }, { "category": "external", "summary": "2196793", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196793" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4628.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update", "tracking": { "current_release_date": "2024-11-22T23:56:24+00:00", "generator": { "date": "2024-11-22T23:56:24+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:4628", "initial_release_date": "2023-08-15T17:37:09+00:00", "revision_history": [ { "date": "2023-08-15T17:37:09+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-08-15T17:37:09+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T23:56:24+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": 
"product_name", "name": "Red Hat JBoss Core Services 1", "product": { "name": "Red Hat JBoss Core Services 1", "product_id": "Red Hat JBoss Core Services 1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_core_services:1" } } } ], "category": "product_family", "name": "Red Hat JBoss Core Services" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-24963", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2023-02-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2169465" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.", "title": "Vulnerability description" }, { "category": "summary", "text": "apr: integer overflow/wraparound in apr_encode", "title": "Vulnerability summary" }, { "category": "other", "text": "Versions of \"apr-util\" shipped with Red Hat Enterprise Linux-6, 7, 8, and 9 are not affected. 
\"apr_encode_*\" API, which contains the affected code was added in apr-utils v1.7.0, whereas, RHEL ships apr-util v1.6.1 and lower.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24963" }, { "category": "external", "summary": "RHBZ#2169465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169465" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24963", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24963" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24963", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24963" }, { "category": "external", "summary": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9", "url": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9" } ], "release_date": "2023-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-08-15T17:37:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4628" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apr: integer overflow/wraparound in apr_encode" }, { "cve": "CVE-2022-28331", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2023-02-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2172556" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Portable Runtime, affecting versions \u003c= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affects Windows environments.", "title": "Vulnerability description" }, { "category": "summary", "text": "apr: Windows out-of-bounds write in apr_socket_sendv function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-28331" }, { "category": "external", "summary": "RHBZ#2172556", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172556" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28331", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28331" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28331", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28331" }, { "category": "external", "summary": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r", "url": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r" } ], "release_date": 
"2023-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-08-15T17:37:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4628" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apr: Windows out-of-bounds write in apr_socket_sendv function" }, { "cve": "CVE-2022-36760", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2023-01-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2161777" } ], "notes": [ { "category": "description", "text": "A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forwards requests.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_proxy_ajp: Possible request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects configurations with mod_proxy_ajp loaded and with an AJP backend configured. If there is no proxy configured to an AJP backend the server is not affected and no further mitigation is needed. 
For more information about the mitigation, check the mitigation section below.\n\nThe httpd mod_proxy_ajp module is enabled by default on Red Hat Enterprise Linux 6, 7, 8, 9, and in RHSCL. However, there are no directives forwarding requests using the AJP protocol.\n\nThis flaw has been rated as having a security impact of moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-36760" }, { "category": "external", "summary": "RHBZ#2161777", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161777" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-36760", "url": "https://www.cve.org/CVERecord?id=CVE-2022-36760" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-36760", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36760" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-36760", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-36760" } ], "release_date": "2023-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-08-15T17:37:09+00:00", "details": "For details on how to apply this update, which includes the changes 
described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4628" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_proxy_ajp: Possible request smuggling" }, { "cve": "CVE-2022-37436", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2023-01-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2161773" } ], "notes": [ { "category": "description", "text": "A flaw was found in the mod_proxy module of httpd. A malicious backend can cause the response headers to be truncated because they are not cleaned when an error is found while reading them, resulting in some headers being incorporated into the response body and not being interpreted by a client.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_proxy: HTTP response splitting", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is only exploitable via bad headers generated by a malicious backend or a malicious application.\n\nhttpd as shipped in Red Hat Enterprise Linux 7, 8, 9 and in RHSCL is vulnerable to this flaw. 
httpd as shipped in Red Hat Enterprise Linux 6 is not affected.\n\nThis flaw has been rated as having a security impact of moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-37436" }, { "category": "external", "summary": "RHBZ#2161773", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161773" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37436", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37436" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37436", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37436" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-37436", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-37436" } ], "release_date": "2023-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-08-15T17:37:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2023:4628" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. It\u0027s recommended to update the affected packages as soon as an update is available.", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_proxy: HTTP response splitting" }, { "cve": "CVE-2022-48279", "cwe": { "id": "CWE-1389", "name": "Incorrect Parsing of Numbers with Different Radices" }, "discovery_date": "2023-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2163622" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in ModSecurity. This issue occurs when HTTP multipart requests are incorrectly parsed and could bypass the Web Application Firewall. 
NOTE: This is related to CVE-2022-39956, but can be considered independent changes to the ModSecurity (C language) codebase.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-48279" }, { "category": "external", "summary": "RHBZ#2163622", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163622" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-48279", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48279" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-48279", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48279" } ], "release_date": "2023-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-08-15T17:37:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4628" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass" }, { "cve": "CVE-2023-24021", "cwe": { "id": "CWE-402", "name": "Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)" }, "discovery_date": "2023-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2163615" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in ModSecurity. This issue occurs when FILES_TMP_CONTENT lacks complete content, which can lead to a Web Application Firewall bypass.", "title": "Vulnerability description" }, { "category": "summary", "text": "modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24021" }, { "category": "external", "summary": "RHBZ#2163615", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163615" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24021", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24021" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24021", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24021" } ], "release_date": "2023-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": 
"2023-08-15T17:37:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4628" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass" }, { "cve": "CVE-2023-27522", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2023-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2176211" } ], "notes": [ { "category": "description", "text": "An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via mod_proxy_uwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_proxy_uwsgi HTTP response splitting", "title": "Vulnerability summary" }, { "category": "other", "text": "The HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi has been categorized as moderate severity for Red Hat Enterprise Linux due to several technical factors. 
While the potential impact of this vulnerability is significant, its exploitation requires specific conditions, including the presence of mod_proxy_uwsgi and the ability to inject specially crafted headers into requests. Additionally, successful exploitation depends on the specific configuration of the server and the network environment. Furthermore, the vulnerability primarily affects the integrity and reliability of HTTP responses, rather than directly leading to remote code execution or unauthorized access. Therefore, the likelihood of exploitation and the potential impact on affected systems have been evaluated as moderate, warranting attention and remediation but not categorized as important.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27522" }, { "category": "external", "summary": "RHBZ#2176211", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176211" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27522", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27522" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27522", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27522" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2023-03-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-08-15T17:37:09+00:00", "details": "For details on how to apply this update, which includes the 
changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4628" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_proxy_uwsgi HTTP response splitting" }, { "acknowledgments": [ { "names": [ "Wei Chong Tan", "Daniel Stenberg" ] } ], "cve": "CVE-2023-28319", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2023-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2196778" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in the Curl package. 
This flaw risks inserting sensitive heap-based data into the error message that users might see or is otherwise leaked and revealed.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: use after free in SSH sha256 fingerprint check", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability does not affect the Curl package as shipped in Red Hat Enterprise Linux 6, 7, 8 and 9.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-28319" }, { "category": "external", "summary": "RHBZ#2196778", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196778" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-28319", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28319" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2023-28319.html", "url": "https://curl.se/docs/CVE-2023-28319.html" } ], "release_date": "2023-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-08-15T17:37:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4628" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", 
"attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "curl: use after free in SSH sha256 fingerprint check" }, { "acknowledgments": [ { "names": [ "Hiroki Kurosawa", "Daniel Stenberg" ] } ], "cve": "CVE-2023-28321", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2023-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2196786" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: IDN wildcard match may lead to Improper Cerificate Validation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-28321" }, { "category": "external", "summary": "RHBZ#2196786", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196786" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-28321", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28321" }, { "category": "external", "summary": 
"https://nvd.nist.gov/vuln/detail/CVE-2023-28321", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28321" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2023-28321.html", "url": "https://curl.se/docs/CVE-2023-28321.html" } ], "release_date": "2023-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-08-15T17:37:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4628" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "curl: IDN wildcard match may lead to Improper Cerificate Validation" }, { "acknowledgments": [ { "names": [ "Hiroki Kurosawa", "Daniel Stenberg" ] } ], "cve": "CVE-2023-28322", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2023-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2196793" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in the Curl package. 
This issue may lead to unintended information disclosure by the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: more POST-after-PUT confusion", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-28322" }, { "category": "external", "summary": "RHBZ#2196793", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196793" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-28322", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28322" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28322", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28322" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2023-28322.html", "url": "https://curl.se/docs/CVE-2023-28322.html" } ], "release_date": "2023-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-08-15T17:37:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4628" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", 
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "curl: more POST-after-PUT confusion" }, { "cve": "CVE-2023-28484", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2185994" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: NULL dereference in xmlSchemaFixupComplexType", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-28484" }, { "category": "external", "summary": "RHBZ#2185994", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185994" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-28484", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28484" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28484", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28484" } ], "release_date": "2023-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-08-15T17:37:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red 
Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4628" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: NULL dereference in xmlSchemaFixupComplexType" }, { "cve": "CVE-2023-29469", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2185984" } ], "notes": [ { "category": "description", "text": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren\u0027t null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Hashing of empty dict strings isn\u0027t deterministic", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-29469" }, { "category": "external", "summary": "RHBZ#2185984", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185984" }, { "category": 
"external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-29469", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29469" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29469", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29469" } ], "release_date": "2023-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-08-15T17:37:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4628" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Hashing of empty dict strings isn\u0027t deterministic" } ] }
gsd-2022-48279
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.
Aliases
{ "GSD": { "alias": "CVE-2022-48279", "description": "In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.", "id": "GSD-2022-48279", "references": [ "https://www.suse.com/security/cve/CVE-2022-48279.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2022-48279" ], "details": "In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.", "id": "GSD-2022-48279", "modified": "2023-12-13T01:19:25.816901Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-48279", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.6", "refsource": "MISC", "url": "https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.6" }, { "name": "https://github.com/SpiderLabs/ModSecurity/pull/2797", "refsource": "MISC", "url": "https://github.com/SpiderLabs/ModSecurity/pull/2797" }, { "name": "https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8", "refsource": "MISC", "url": "https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8" }, { "name": "https://github.com/SpiderLabs/ModSecurity/pull/2795", "refsource": "MISC", "url": "https://github.com/SpiderLabs/ModSecurity/pull/2795" }, { "name": "https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/", "refsource": "MISC", "url": "https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/" }, { "name": "[debian-lts-announce] 20230126 [SECURITY] [DLA 3283-1] modsecurity-apache security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html" }, { "name": "FEDORA-2023-8aa264d5c5", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL/" }, { "name": "FEDORA-2023-09f0496e60", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ/" }, { "name": "FEDORA-2023-bc61f7a145", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:trustwave:modsecurity:*:*:*:*:*:*:*:*", "cpe_name": [], 
"versionEndExcluding": "2.9.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trustwave:modsecurity:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.8", "versionStartIncluding": "3.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-48279" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-269" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/SpiderLabs/ModSecurity/pull/2797", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/SpiderLabs/ModSecurity/pull/2797" }, { "name": "https://github.com/SpiderLabs/ModSecurity/pull/2795", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/SpiderLabs/ModSecurity/pull/2795" }, { "name": "https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8", "refsource": "MISC", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8" }, { "name": "https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/", "refsource": "MISC", "tags": [ "Not Applicable" ], "url": "https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/" }, { "name": "https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.6", "refsource": "MISC", 
"tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.6" }, { "name": "[debian-lts-announce] 20230126 [SECURITY] [DLA 3283-1] modsecurity-apache security update", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html" }, { "name": "FEDORA-2023-bc61f7a145", "refsource": "FEDORA", "tags": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/" }, { "name": "FEDORA-2023-8aa264d5c5", "refsource": "FEDORA", "tags": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL/" }, { "name": "FEDORA-2023-09f0496e60", "refsource": "FEDORA", "tags": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ/" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } }, "lastModifiedDate": "2023-04-22T03:15Z", "publishedDate": "2023-01-20T19:15Z" } } }
wid-sec-w-2023-0188
Vulnerability from csaf_certbund
Published
2023-01-23 23:00
Modified
2024-05-01 22:00
Summary
Trustwave ModSecurity: Multiple vulnerabilities allow bypassing of security measures
Notes
The BSI, as provider, is responsible under general law for its own content made available for use. Users are, however, responsible for carefully checking, case by case, the use and/or implementation of the information provided with the content.
Product description
ModSecurity is an open source web application firewall that is available for various web servers.
Attack
A remote, anonymous attacker can exploit multiple vulnerabilities in Trustwave ModSecurity to bypass security measures.
Affected operating systems
- Linux
- UNIX
- Windows
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "ModSecurity ist eine Open Source Web Application Firewall, die f\u00fcr verschiedene Webserver verf\u00fcgbar ist.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Trustwave ModSecurity ausnutzen, um Sicherheitsvorkehrungen zu umgehen.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-0188 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0188.json" }, { "category": "self", "summary": "WID-SEC-2023-0188 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0188" }, { "category": "external", "summary": "Red Hat Bugzilla Bug ID: 2163615 vom 2023-01-23", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163615" }, { "category": "external", "summary": "Red Hat Bugzilla Bug ID: 2163622 vom 2023-01-23", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163622" }, { "category": "external", "summary": "Debian Security Advisory DLA-3283 vom 
2023-01-26", "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2023:0318-1 vom 2023-02-09", "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013708.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2023:0314-1 vom 2023-02-09", "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013707.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2023:0317-1 vom 2023-02-09", "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013701.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2023:0431-1 vom 2023-02-15", "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013778.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2023:0447-1 vom 2023-02-17", "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013836.html" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-8AA264D5C5 vom 2023-04-14", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-8aa264d5c5" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-BC61F7A145 vom 2023-04-14", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-bc61f7a145" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-09F0496E60 vom 2023-04-14", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-09f0496e60" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2023-1763 vom 2023-06-09", "url": "https://alas.aws.amazon.com/ALAS-2023-1763.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS2-2023-2098 vom 2023-07-01", "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2098.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2023-1772 vom 2023-07-04", 
"url": "https://alas.aws.amazon.com/ALAS-2023-1772.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4629 vom 2023-08-15", "url": "https://access.redhat.com/errata/RHSA-2023:4629" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4628 vom 2023-08-15", "url": "https://access.redhat.com/errata/RHSA-2023:4628" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6370-1 vom 2023-09-14", "url": "https://ubuntu.com/security/notices/USN-6370-1" }, { "category": "external", "summary": "HPE Security Bulletin vom 2024-04-30", "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04639en_us\u0026docLocale=en_US" } ], "source_lang": "en-US", "title": "Trustwave ModSecurity: Mehrere Schwachstellen erm\u00f6glichen Umgehen von Sicherheitsvorkehrungen", "tracking": { "current_release_date": "2024-05-01T22:00:00.000+00:00", "generator": { "date": "2024-05-02T08:40:59.376+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-0188", "initial_release_date": "2023-01-23T23:00:00.000+00:00", "revision_history": [ { "date": "2023-01-23T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-01-26T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2023-02-09T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2023-02-15T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2023-02-19T23:00:00.000+00:00", "number": "5", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2023-04-13T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Fedora aufgenommen" }, { "date": "2023-06-08T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2023-07-02T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": 
"2023-07-03T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2023-08-15T22:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-09-14T22:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-05-01T22:00:00.000+00:00", "number": "12", "summary": "Neue Updates von HP aufgenommen" } ], "status": "final", "version": "12" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "Fedora Linux", "product": { "name": "Fedora Linux", "product_id": "74185", "product_identification_helper": { "cpe": "cpe:/o:fedoraproject:fedora:-" } } } ], "category": "vendor", "name": "Fedora" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c8.90.00", "product": { "name": "HPE OneView \u003c8.90.00", "product_id": "T034488", "product_identification_helper": { "cpe": "cpe:/a:hp:oneview:8.90.00" } } } ], "category": "product_name", "name": "OneView" } ], "category": "vendor", "name": "HPE" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c2.9.7", "product": { "name": "Trustwave ModSecurity \u003c2.9.7", "product_id": "T026013", "product_identification_helper": { "cpe": "cpe:/a:modsecurity:modsecurity:2.9.7" } } }, { "category": "product_version_range", "name": "\u003c3.0.8", "product": { "name": "Trustwave ModSecurity \u003c3.0.8", 
"product_id": "T026014", "product_identification_helper": { "cpe": "cpe:/a:modsecurity:modsecurity:3.0.8" } } }, { "category": "product_version_range", "name": "\u003c2.9.6", "product": { "name": "Trustwave ModSecurity \u003c2.9.6", "product_id": "T026015", "product_identification_helper": { "cpe": "cpe:/a:modsecurity:modsecurity:2.9.6" } } } ], "category": "product_name", "name": "ModSecurity" } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Core Services", "product": { "name": "Red Hat JBoss Core Services", "product_id": "T012412", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_core_services:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-48279", "notes": [ { "category": "description", "text": "In Trustwave ModSecurity existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Verarbeitung von HTTP-Anfragen zur\u00fcckzuf\u00fchren sowie auf einen Fehler beim Verarbeiten von TMP-Dateien. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T012412", "398363", "T034488", "74185" ] }, "release_date": "2023-01-23T23:00:00Z", "title": "CVE-2022-48279" }, { "cve": "CVE-2023-24021", "notes": [ { "category": "description", "text": "In Trustwave ModSecurity existieren mehrere Schwachstellen. 
Diese sind auf Fehler bei der Verarbeitung von HTTP-Anfragen zur\u00fcckzuf\u00fchren sowie auf einen Fehler beim Verarbeiten von TMP-Dateien. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T012412", "398363", "T034488", "74185" ] }, "release_date": "2023-01-23T23:00:00Z", "title": "CVE-2023-24021" } ] }
ghsa-6fhx-fm6h-hpxq
Vulnerability from github
Published
2023-01-20 21:30
Modified
2023-02-02 15:30
Severity ?
Details
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.
{ "affected": [], "aliases": [ "CVE-2022-48279" ], "database_specific": { "cwe_ids": [ "CWE-269" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-01-20T19:15:00Z", "severity": "HIGH" }, "details": "In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.", "id": "GHSA-6fhx-fm6h-hpxq", "modified": "2023-02-02T15:30:37Z", "published": "2023-01-20T21:30:30Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48279" }, { "type": "WEB", "url": "https://github.com/SpiderLabs/ModSecurity/pull/2795" }, { "type": "WEB", "url": "https://github.com/SpiderLabs/ModSecurity/pull/2797" }, { "type": "WEB", "url": "https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves" }, { "type": "WEB", "url": "https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.6" }, { "type": "WEB", "url": "https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" } ] }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.