rhsa-2022_8067
Vulnerability from csaf_redhat
Published
2022-11-15 09:58
Modified
2024-11-15 15:00
Summary
Red Hat Security Advisory: httpd security, bug fix, and enhancement update
Notes
Topic
An update for httpd is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
The following packages have been upgraded to a later upstream version: httpd (2.4.53). (BZ#2079939)
Security Fix(es):
* httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)
* httpd: mod_lua: Use of uninitialized value of in r:parsebody (CVE-2022-22719)
* httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)
* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)
* httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)
* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)
* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)
* httpd: Out-of-bounds read via ap_rwrite() (CVE-2022-28614)
* httpd: Out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)
* httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for httpd is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nThe following packages have been upgraded to a later upstream version: httpd (2.4.53). (BZ#2079939)\n\nSecurity Fix(es):\n\n* httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)\n\n* httpd: mod_lua: Use of uninitialized value of in r:parsebody (CVE-2022-22719)\n\n* httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)\n\n* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)\n\n* httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)\n\n* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)\n\n* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)\n\n* httpd: Out-of-bounds read via ap_rwrite() (CVE-2022-28614)\n\n* httpd: Out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)\n\n* httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8067",
"url": "https://access.redhat.com/errata/RHSA-2022:8067"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index"
},
{
"category": "external",
"summary": "2064319",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064319"
},
{
"category": "external",
"summary": "2064320",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064320"
},
{
"category": "external",
"summary": "2064322",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064322"
},
{
"category": "external",
"summary": "2073459",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073459"
},
{
"category": "external",
"summary": "2075406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075406"
},
{
"category": "external",
"summary": "2079939",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079939"
},
{
"category": "external",
"summary": "2094997",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094997"
},
{
"category": "external",
"summary": "2095002",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095002"
},
{
"category": "external",
"summary": "2095006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095006"
},
{
"category": "external",
"summary": "2095012",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095012"
},
{
"category": "external",
"summary": "2095015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095015"
},
{
"category": "external",
"summary": "2095018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095018"
},
{
"category": "external",
"summary": "2095020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095020"
},
{
"category": "external",
"summary": "2095838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095838"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8067.json"
}
],
"title": "Red Hat Security Advisory: httpd security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-15T15:00:12+00:00",
"generator": {
"date": "2024-11-15T15:00:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:8067",
"initial_release_date": "2022-11-15T09:58:32+00:00",
"revision_history": [
{
"date": "2022-11-15T09:58:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-15T09:58:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T15:00:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.4.53-7.el9.src",
"product": {
"name": "httpd-0:2.4.53-7.el9.src",
"product_id": "httpd-0:2.4.53-7.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.53-7.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.4.53-7.el9.aarch64",
"product": {
"name": "httpd-0:2.4.53-7.el9.aarch64",
"product_id": "httpd-0:2.4.53-7.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.53-7.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd-core-0:2.4.53-7.el9.aarch64",
"product": {
"name": "httpd-core-0:2.4.53-7.el9.aarch64",
"product_id": "httpd-core-0:2.4.53-7.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-core@2.4.53-7.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.4.53-7.el9.aarch64",
"product": {
"name": "httpd-devel-0:2.4.53-7.el9.aarch64",
"product_id": "httpd-devel-0:2.4.53-7.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.53-7.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.53-7.el9.aarch64",
"product": {
"name": "httpd-tools-0:2.4.53-7.el9.aarch64",
"product_id": "httpd-tools-0:2.4.53-7.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.53-7.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.53-7.el9.aarch64",
"product": {
"name": "mod_ldap-0:2.4.53-7.el9.aarch64",
"product_id": "mod_ldap-0:2.4.53-7.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.53-7.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_lua-0:2.4.53-7.el9.aarch64",
"product": {
"name": "mod_lua-0:2.4.53-7.el9.aarch64",
"product_id": "mod_lua-0:2.4.53-7.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_lua@2.4.53-7.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.53-7.el9.aarch64",
"product": {
"name": "mod_proxy_html-1:2.4.53-7.el9.aarch64",
"product_id": "mod_proxy_html-1:2.4.53-7.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.53-7.el9?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.53-7.el9.aarch64",
"product": {
"name": "mod_session-0:2.4.53-7.el9.aarch64",
"product_id": "mod_session-0:2.4.53-7.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.53-7.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.53-7.el9.aarch64",
"product": {
"name": "mod_ssl-1:2.4.53-7.el9.aarch64",
"product_id": "mod_ssl-1:2.4.53-7.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.53-7.el9?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debugsource-0:2.4.53-7.el9.aarch64",
"product": {
"name": "httpd-debugsource-0:2.4.53-7.el9.aarch64",
"product_id": "httpd-debugsource-0:2.4.53-7.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debugsource@2.4.53-7.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"product": {
"name": "httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"product_id": "httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-core-debuginfo@2.4.53-7.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"product": {
"name": "httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"product_id": "httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.53-7.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"product": {
"name": "httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"product_id": "httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools-debuginfo@2.4.53-7.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"product": {
"name": "mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"product_id": "mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap-debuginfo@2.4.53-7.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"product": {
"name": "mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"product_id": "mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_lua-debuginfo@2.4.53-7.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"product": {
"name": "mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"product_id": "mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html-debuginfo@2.4.53-7.el9?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"product": {
"name": "mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"product_id": "mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session-debuginfo@2.4.53-7.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"product": {
"name": "mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"product_id": "mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl-debuginfo@2.4.53-7.el9?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.4.53-7.el9.ppc64le",
"product": {
"name": "httpd-0:2.4.53-7.el9.ppc64le",
"product_id": "httpd-0:2.4.53-7.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.53-7.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-core-0:2.4.53-7.el9.ppc64le",
"product": {
"name": "httpd-core-0:2.4.53-7.el9.ppc64le",
"product_id": "httpd-core-0:2.4.53-7.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-core@2.4.53-7.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.4.53-7.el9.ppc64le",
"product": {
"name": "httpd-devel-0:2.4.53-7.el9.ppc64le",
"product_id": "httpd-devel-0:2.4.53-7.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.53-7.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.53-7.el9.ppc64le",
"product": {
"name": "httpd-tools-0:2.4.53-7.el9.ppc64le",
"product_id": "httpd-tools-0:2.4.53-7.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.53-7.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.53-7.el9.ppc64le",
"product": {
"name": "mod_ldap-0:2.4.53-7.el9.ppc64le",
"product_id": "mod_ldap-0:2.4.53-7.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.53-7.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_lua-0:2.4.53-7.el9.ppc64le",
"product": {
"name": "mod_lua-0:2.4.53-7.el9.ppc64le",
"product_id": "mod_lua-0:2.4.53-7.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_lua@2.4.53-7.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"product": {
"name": "mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"product_id": "mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.53-7.el9?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.53-7.el9.ppc64le",
"product": {
"name": "mod_session-0:2.4.53-7.el9.ppc64le",
"product_id": "mod_session-0:2.4.53-7.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.53-7.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.53-7.el9.ppc64le",
"product": {
"name": "mod_ssl-1:2.4.53-7.el9.ppc64le",
"product_id": "mod_ssl-1:2.4.53-7.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.53-7.el9?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"product": {
"name": "httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"product_id": "httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debugsource@2.4.53-7.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"product": {
"name": "httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"product_id": "httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-core-debuginfo@2.4.53-7.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"product": {
"name": "httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"product_id": "httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.53-7.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"product": {
"name": "httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"product_id": "httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools-debuginfo@2.4.53-7.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"product": {
"name": "mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"product_id": "mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap-debuginfo@2.4.53-7.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"product": {
"name": "mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"product_id": "mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_lua-debuginfo@2.4.53-7.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"product": {
"name": "mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"product_id": "mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html-debuginfo@2.4.53-7.el9?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"product": {
"name": "mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"product_id": "mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session-debuginfo@2.4.53-7.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"product": {
"name": "mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"product_id": "mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl-debuginfo@2.4.53-7.el9?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.4.53-7.el9.x86_64",
"product": {
"name": "httpd-0:2.4.53-7.el9.x86_64",
"product_id": "httpd-0:2.4.53-7.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.53-7.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-core-0:2.4.53-7.el9.x86_64",
"product": {
"name": "httpd-core-0:2.4.53-7.el9.x86_64",
"product_id": "httpd-core-0:2.4.53-7.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-core@2.4.53-7.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.4.53-7.el9.x86_64",
"product": {
"name": "httpd-devel-0:2.4.53-7.el9.x86_64",
"product_id": "httpd-devel-0:2.4.53-7.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.53-7.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.53-7.el9.x86_64",
"product": {
"name": "httpd-tools-0:2.4.53-7.el9.x86_64",
"product_id": "httpd-tools-0:2.4.53-7.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.53-7.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.53-7.el9.x86_64",
"product": {
"name": "mod_ldap-0:2.4.53-7.el9.x86_64",
"product_id": "mod_ldap-0:2.4.53-7.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.53-7.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_lua-0:2.4.53-7.el9.x86_64",
"product": {
"name": "mod_lua-0:2.4.53-7.el9.x86_64",
"product_id": "mod_lua-0:2.4.53-7.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_lua@2.4.53-7.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.53-7.el9.x86_64",
"product": {
"name": "mod_proxy_html-1:2.4.53-7.el9.x86_64",
"product_id": "mod_proxy_html-1:2.4.53-7.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.53-7.el9?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.53-7.el9.x86_64",
"product": {
"name": "mod_session-0:2.4.53-7.el9.x86_64",
"product_id": "mod_session-0:2.4.53-7.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.53-7.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.53-7.el9.x86_64",
"product": {
"name": "mod_ssl-1:2.4.53-7.el9.x86_64",
"product_id": "mod_ssl-1:2.4.53-7.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.53-7.el9?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debugsource-0:2.4.53-7.el9.x86_64",
"product": {
"name": "httpd-debugsource-0:2.4.53-7.el9.x86_64",
"product_id": "httpd-debugsource-0:2.4.53-7.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debugsource@2.4.53-7.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"product": {
"name": "httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"product_id": "httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-core-debuginfo@2.4.53-7.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"product": {
"name": "httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"product_id": "httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.53-7.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"product": {
"name": "httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"product_id": "httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools-debuginfo@2.4.53-7.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"product": {
"name": "mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"product_id": "mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap-debuginfo@2.4.53-7.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"product": {
"name": "mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"product_id": "mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_lua-debuginfo@2.4.53-7.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"product": {
"name": "mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"product_id": "mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html-debuginfo@2.4.53-7.el9?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"product": {
"name": "mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"product_id": "mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session-debuginfo@2.4.53-7.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64",
"product": {
"name": "mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64",
"product_id": "mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl-debuginfo@2.4.53-7.el9?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.4.53-7.el9.s390x",
"product": {
"name": "httpd-0:2.4.53-7.el9.s390x",
"product_id": "httpd-0:2.4.53-7.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.53-7.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-core-0:2.4.53-7.el9.s390x",
"product": {
"name": "httpd-core-0:2.4.53-7.el9.s390x",
"product_id": "httpd-core-0:2.4.53-7.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-core@2.4.53-7.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.4.53-7.el9.s390x",
"product": {
"name": "httpd-devel-0:2.4.53-7.el9.s390x",
"product_id": "httpd-devel-0:2.4.53-7.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.53-7.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.53-7.el9.s390x",
"product": {
"name": "httpd-tools-0:2.4.53-7.el9.s390x",
"product_id": "httpd-tools-0:2.4.53-7.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.53-7.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.53-7.el9.s390x",
"product": {
"name": "mod_ldap-0:2.4.53-7.el9.s390x",
"product_id": "mod_ldap-0:2.4.53-7.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.53-7.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_lua-0:2.4.53-7.el9.s390x",
"product": {
"name": "mod_lua-0:2.4.53-7.el9.s390x",
"product_id": "mod_lua-0:2.4.53-7.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_lua@2.4.53-7.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.53-7.el9.s390x",
"product": {
"name": "mod_proxy_html-1:2.4.53-7.el9.s390x",
"product_id": "mod_proxy_html-1:2.4.53-7.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.53-7.el9?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.53-7.el9.s390x",
"product": {
"name": "mod_session-0:2.4.53-7.el9.s390x",
"product_id": "mod_session-0:2.4.53-7.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.53-7.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.53-7.el9.s390x",
"product": {
"name": "mod_ssl-1:2.4.53-7.el9.s390x",
"product_id": "mod_ssl-1:2.4.53-7.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.53-7.el9?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debugsource-0:2.4.53-7.el9.s390x",
"product": {
"name": "httpd-debugsource-0:2.4.53-7.el9.s390x",
"product_id": "httpd-debugsource-0:2.4.53-7.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debugsource@2.4.53-7.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"product": {
"name": "httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"product_id": "httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-core-debuginfo@2.4.53-7.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.53-7.el9.s390x",
"product": {
"name": "httpd-debuginfo-0:2.4.53-7.el9.s390x",
"product_id": "httpd-debuginfo-0:2.4.53-7.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.53-7.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"product": {
"name": "httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"product_id": "httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools-debuginfo@2.4.53-7.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"product": {
"name": "mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"product_id": "mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap-debuginfo@2.4.53-7.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"product": {
"name": "mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"product_id": "mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_lua-debuginfo@2.4.53-7.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"product": {
"name": "mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"product_id": "mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html-debuginfo@2.4.53-7.el9?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"product": {
"name": "mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"product_id": "mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session-debuginfo@2.4.53-7.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"product": {
"name": "mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"product_id": "mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl-debuginfo@2.4.53-7.el9?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-filesystem-0:2.4.53-7.el9.noarch",
"product": {
"name": "httpd-filesystem-0:2.4.53-7.el9.noarch",
"product_id": "httpd-filesystem-0:2.4.53-7.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-filesystem@2.4.53-7.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "httpd-manual-0:2.4.53-7.el9.noarch",
"product": {
"name": "httpd-manual-0:2.4.53-7.el9.noarch",
"product_id": "httpd-manual-0:2.4.53-7.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.4.53-7.el9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.53-7.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64"
},
"product_reference": "httpd-0:2.4.53-7.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.53-7.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le"
},
"product_reference": "httpd-0:2.4.53-7.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.53-7.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x"
},
"product_reference": "httpd-0:2.4.53-7.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.53-7.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src"
},
"product_reference": "httpd-0:2.4.53-7.el9.src",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.53-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64"
},
"product_reference": "httpd-0:2.4.53-7.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-core-0:2.4.53-7.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64"
},
"product_reference": "httpd-core-0:2.4.53-7.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-core-0:2.4.53-7.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le"
},
"product_reference": "httpd-core-0:2.4.53-7.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-core-0:2.4.53-7.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x"
},
"product_reference": "httpd-core-0:2.4.53-7.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-core-0:2.4.53-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64"
},
"product_reference": "httpd-core-0:2.4.53-7.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-core-debuginfo-0:2.4.53-7.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64"
},
"product_reference": "httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le"
},
"product_reference": "httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-core-debuginfo-0:2.4.53-7.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x"
},
"product_reference": "httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-core-debuginfo-0:2.4.53-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64"
},
"product_reference": "httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.53-7.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64"
},
"product_reference": "httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.53-7.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le"
},
"product_reference": "httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.53-7.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x"
},
"product_reference": "httpd-debuginfo-0:2.4.53-7.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.53-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debugsource-0:2.4.53-7.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64"
},
"product_reference": "httpd-debugsource-0:2.4.53-7.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debugsource-0:2.4.53-7.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le"
},
"product_reference": "httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debugsource-0:2.4.53-7.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x"
},
"product_reference": "httpd-debugsource-0:2.4.53-7.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debugsource-0:2.4.53-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64"
},
"product_reference": "httpd-debugsource-0:2.4.53-7.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.53-7.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64"
},
"product_reference": "httpd-devel-0:2.4.53-7.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.53-7.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le"
},
"product_reference": "httpd-devel-0:2.4.53-7.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.53-7.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x"
},
"product_reference": "httpd-devel-0:2.4.53-7.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.53-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64"
},
"product_reference": "httpd-devel-0:2.4.53-7.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-filesystem-0:2.4.53-7.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch"
},
"product_reference": "httpd-filesystem-0:2.4.53-7.el9.noarch",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.4.53-7.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch"
},
"product_reference": "httpd-manual-0:2.4.53-7.el9.noarch",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.53-7.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64"
},
"product_reference": "httpd-tools-0:2.4.53-7.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.53-7.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le"
},
"product_reference": "httpd-tools-0:2.4.53-7.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.53-7.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x"
},
"product_reference": "httpd-tools-0:2.4.53-7.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.53-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64"
},
"product_reference": "httpd-tools-0:2.4.53-7.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64"
},
"product_reference": "httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le"
},
"product_reference": "httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-debuginfo-0:2.4.53-7.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x"
},
"product_reference": "httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64"
},
"product_reference": "httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.53-7.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64"
},
"product_reference": "mod_ldap-0:2.4.53-7.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.53-7.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le"
},
"product_reference": "mod_ldap-0:2.4.53-7.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.53-7.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x"
},
"product_reference": "mod_ldap-0:2.4.53-7.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.53-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64"
},
"product_reference": "mod_ldap-0:2.4.53-7.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64"
},
"product_reference": "mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le"
},
"product_reference": "mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-debuginfo-0:2.4.53-7.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x"
},
"product_reference": "mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64"
},
"product_reference": "mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_lua-0:2.4.53-7.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64"
},
"product_reference": "mod_lua-0:2.4.53-7.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_lua-0:2.4.53-7.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le"
},
"product_reference": "mod_lua-0:2.4.53-7.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_lua-0:2.4.53-7.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x"
},
"product_reference": "mod_lua-0:2.4.53-7.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_lua-0:2.4.53-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64"
},
"product_reference": "mod_lua-0:2.4.53-7.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_lua-debuginfo-0:2.4.53-7.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64"
},
"product_reference": "mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le"
},
"product_reference": "mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_lua-debuginfo-0:2.4.53-7.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x"
},
"product_reference": "mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_lua-debuginfo-0:2.4.53-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64"
},
"product_reference": "mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.53-7.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64"
},
"product_reference": "mod_proxy_html-1:2.4.53-7.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.53-7.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le"
},
"product_reference": "mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.53-7.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x"
},
"product_reference": "mod_proxy_html-1:2.4.53-7.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.53-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64"
},
"product_reference": "mod_proxy_html-1:2.4.53-7.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64"
},
"product_reference": "mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le"
},
"product_reference": "mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x"
},
"product_reference": "mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64"
},
"product_reference": "mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.53-7.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64"
},
"product_reference": "mod_session-0:2.4.53-7.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.53-7.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le"
},
"product_reference": "mod_session-0:2.4.53-7.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.53-7.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x"
},
"product_reference": "mod_session-0:2.4.53-7.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.53-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64"
},
"product_reference": "mod_session-0:2.4.53-7.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-debuginfo-0:2.4.53-7.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64"
},
"product_reference": "mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-debuginfo-0:2.4.53-7.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le"
},
"product_reference": "mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-debuginfo-0:2.4.53-7.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x"
},
"product_reference": "mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-debuginfo-0:2.4.53-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64"
},
"product_reference": "mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.53-7.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64"
},
"product_reference": "mod_ssl-1:2.4.53-7.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.53-7.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le"
},
"product_reference": "mod_ssl-1:2.4.53-7.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.53-7.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x"
},
"product_reference": "mod_ssl-1:2.4.53-7.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.53-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64"
},
"product_reference": "mod_ssl-1:2.4.53-7.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64"
},
"product_reference": "mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le"
},
"product_reference": "mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-debuginfo-1:2.4.53-7.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x"
},
"product_reference": "mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
},
"product_reference": "mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-22719",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"discovery_date": "2022-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064322"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mod_lua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_lua: Use of uninitialized value of in r:parsebody",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "httpd as shipped with Red Hat Enterprise Linux 6, is not affected by this flaw because it does not ship mod_lua.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22719"
},
{
"category": "external",
"summary": "RHBZ#2064322",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064322"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22719"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22719",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22719"
}
],
"release_date": "2022-03-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T09:58:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8067"
},
{
"category": "workaround",
"details": "Disabling mod_lua and restarting httpd will mitigate this flaw. See https://access.redhat.com/articles/10649 for more information.",
"product_ids": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_lua: Use of uninitialized value of in r:parsebody"
},
{
"cve": "CVE-2022-22721",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064320"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in httpd, where it incorrectly limits the value of the LimitXMLRequestBody option. This issue can lead to an integer overflow and later causes an out-of-bounds write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The default configuration of the LimitXMLRequestBody option on RHEL is 1MB and therefore is not vulnerable to this flaw. Also, this issue is known to only affect 32bit httpd builds.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22721"
},
{
"category": "external",
"summary": "RHBZ#2064320",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064320"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22721"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22721",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22721"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22721",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22721"
}
],
"release_date": "2022-03-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T09:58:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8067"
},
{
"category": "workaround",
"details": "Set the LimitXMLRequestBody option to a value smaller than 350MB. Setting it to 0 is not recommended as it will use a hard limit (depending on 32bit or 64bit systems) which may result in an overall system out-of-memory. The default configuration is not vulnerable to this flaw, see the statement above.",
"product_ids": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody"
},
{
"cve": "CVE-2022-23943",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064319"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds read/write vulnerability was found in the mod_sed module of httpd. This flaw allows an attacker to overwrite the memory of an httpd instance that is using mod_sed with data provided by the attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_sed: Read/write beyond bounds",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The `mod_sed` module is disabled by default on Red Hat Enterprise Linux 7 and 8. For this reason, the flaw has been rated as having a security impact of Moderate. The httpd package as shipped with Red Hat Enterprise Linux 6 is not affected by this flaw because the `mod_sed` module is available only in httpd 2.3 and later.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23943"
},
{
"category": "external",
"summary": "RHBZ#2064319",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064319"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23943"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23943",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23943"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-23943",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-23943"
}
],
"release_date": "2022-03-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T09:58:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8067"
},
{
"category": "workaround",
"details": "Disabling mod_sed and restarting httpd will mitigate this flaw. See https://access.redhat.com/articles/10649 for more information.",
"product_ids": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_sed: Read/write beyond bounds"
},
{
"cve": "CVE-2022-26377",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2094997"
}
],
"notes": [
{
"category": "description",
"text": "An HTTP request smuggling vulnerability was found in the mod_proxy_ajp module of httpd. This flaw allows an attacker to smuggle requests to the AJP server, where it forwards requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_ajp: Possible request smuggling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The httpd mod_proxy_ajp module is enabled by default on Red Hat Enterprise Linux 8, 9, and in RHSCL. However, there are no directives forwarding requests using the AJP protocol.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26377"
},
{
"category": "external",
"summary": "RHBZ#2094997",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094997"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26377",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26377"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26377",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26377"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-26377",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-26377"
}
],
"release_date": "2022-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T09:58:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8067"
},
{
"category": "workaround",
"details": "Disabling mod_proxy_ajp and restarting httpd will mitigate this flaw.",
"product_ids": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_proxy_ajp: Possible request smuggling"
},
{
"cve": "CVE-2022-28614",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2095002"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds read vulnerability was found in httpd. A very large input to the ap_rputs and ap_rwrite functions can lead to an integer overflow and result in an out-of-bounds read.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Out-of-bounds read via ap_rwrite()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28614"
},
{
"category": "external",
"summary": "RHBZ#2095002",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28614",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28614"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28614",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28614"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28614",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28614"
}
],
"release_date": "2022-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T09:58:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8067"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: Out-of-bounds read via ap_rwrite()"
},
{
"cve": "CVE-2022-28615",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2022-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2095006"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds read vulnerability was found in httpd. A very large input to the ap_strcmp_match function can lead to an integer overflow and result in an out-of-bounds read.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Out-of-bounds read in ap_strcmp_match()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "According to upstream, no code distributed with the httpd server can exploit this flaw, however, third-party modules or Lua scripts that use the ap_strcmp_match function could potentially be affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28615"
},
{
"category": "external",
"summary": "RHBZ#2095006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28615",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28615"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28615",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28615"
}
],
"release_date": "2022-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T09:58:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8067"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: Out-of-bounds read in ap_strcmp_match()"
},
{
"cve": "CVE-2022-29404",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2095012"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mod_lua module of httpd. A malicious request to a Lua script that calls parsebody(0) can lead to a denial of service due to no default limit on the possible input size.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_lua: DoS in r:parsebody",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "httpd as shipped with Red Hat Enterprise Linux 6, is not affected by this flaw because it does not ship mod_lua.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29404"
},
{
"category": "external",
"summary": "RHBZ#2095012",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095012"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29404"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29404",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29404"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-29404",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-29404"
}
],
"release_date": "2022-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T09:58:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8067"
},
{
"category": "workaround",
"details": "Disabling mod_lua and restarting httpd will mitigate this flaw.",
"product_ids": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_lua: DoS in r:parsebody"
},
{
"cve": "CVE-2022-30522",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"discovery_date": "2022-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2095015"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mod_sed module of httpd. A very large input to the mod_sed module can result in a denial of service due to excessively large memory allocations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_sed: DoS vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The mod_sed module is disabled by default on Red Hat Enterprise Linux 7 and 8. The httpd package as shipped with Red Hat Enterprise Linux 6 is not affected by this flaw because the mod_sed module is not available.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30522"
},
{
"category": "external",
"summary": "RHBZ#2095015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095015"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30522"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30522",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30522"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30522",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30522"
}
],
"release_date": "2022-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T09:58:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8067"
},
{
"category": "workaround",
"details": "Disabling mod_sed and restating httpd will mitigate this flaw.",
"product_ids": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_sed: DoS vulnerability"
},
{
"cve": "CVE-2022-30556",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2095018"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mod_lua module of httpd. The data returned by the wsread function may point past the end of the storage allocated for the buffer, resulting in information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_lua: Information disclosure with websockets",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "httpd as shipped with Red Hat Enterprise Linux 6, is not affected by this flaw because it does not ship mod_lua. Red Hat Enterprise Linux 7 is not affected by this flaw because the wsread function is not available.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30556"
},
{
"category": "external",
"summary": "RHBZ#2095018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30556",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30556"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30556",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30556"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30556",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30556"
}
],
"release_date": "2022-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T09:58:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8067"
},
{
"category": "workaround",
"details": "Disabling mod_lua and restarting httpd will mitigate this flaw.",
"product_ids": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_lua: Information disclosure with websockets"
},
{
"cve": "CVE-2022-31813",
"cwe": {
"id": "CWE-348",
"name": "Use of Less Trusted Source"
},
"discovery_date": "2022-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2095020"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mod_proxy module of httpd. The server may remove the X-Forwarded-* headers from a request based on the client-side Connection header hop-by-hop mechanism.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31813"
},
{
"category": "external",
"summary": "RHBZ#2095020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095020"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31813",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31813"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-31813",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-31813"
}
],
"release_date": "2022-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T09:58:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8067"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.src",
"AppStream-9.1.0.GA:httpd-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-core-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-debugsource-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-devel-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-filesystem-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-manual-0:2.4.53-7.el9.noarch",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:httpd-tools-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ldap-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_lua-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_proxy_html-debuginfo-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_session-debuginfo-0:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-1:2.4.53-7.el9.x86_64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.aarch64",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.ppc64le",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.s390x",
"AppStream-9.1.0.GA:mod_ssl-debuginfo-1:2.4.53-7.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism"
}
]
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.