rhsa-2023:3354
Vulnerability from csaf_redhat
Published
2023-06-05 12:30
Modified
2025-03-15 01:32
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update
Notes
Topic
An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 on Red Hat Enterprise Linux versions 7 and 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)
* curl: HSTS bypass via IDN (CVE-2022-43551)
* curl: HTTP Proxy deny use-after-free (CVE-2022-43552)
* curl: HSTS ignored on multiple requests (CVE-2023-23914)
* curl: HSTS amnesia with --parallel (CVE-2023-23915)
* curl: HTTP multi-header compression denial of service (CVE-2023-23916)
* curl: TELNET option IAC injection (CVE-2023-27533)
* curl: SFTP path ~ resolving discrepancy (CVE-2023-27534)
* httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)
* httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)
* openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)
* openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)
* openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)
* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 on Red Hat Enterprise Linux versions 7 and 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)\n* curl: HSTS bypass via IDN (CVE-2022-43551)\n* curl: HTTP Proxy deny use-after-free (CVE-2022-43552)\n* curl: HSTS ignored on multiple requests (CVE-2023-23914)\n* curl: HSTS amnesia with --parallel (CVE-2023-23915)\n* curl: HTTP multi-header compression denial of service (CVE-2023-23916)\n* curl: TELNET option IAC injection (CVE-2023-27533)\n* curl: SFTP path ~ resolving discrepancy (CVE-2023-27534)\n* httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)\n* httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)\n* openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)\n* openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)\n* openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)\n* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:3354", url: "https://access.redhat.com/errata/RHSA-2023:3354", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2152639", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2152639", }, { category: "external", summary: "2152652", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2152652", }, { category: "external", summary: "2161774", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2161774", }, { category: "external", summary: "2164440", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", }, { category: "external", summary: "2164487", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", }, { category: "external", summary: "2164492", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", }, { category: "external", summary: "2164494", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", }, { category: "external", summary: "2167797", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2167797", }, { category: "external", summary: "2167813", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2167813", }, { category: "external", summary: "2167815", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2167815", }, { category: "external", summary: "2169652", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169652", }, { category: "external", summary: "2176209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2176209", }, { category: "external", summary: "2179062", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2179062", }, { category: "external", summary: "2179069", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2179069", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3354.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update", tracking: { current_release_date: "2025-03-15T01:32:45+00:00", generator: { date: "2025-03-15T01:32:45+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:3354", initial_release_date: "2023-06-05T12:30:30+00:00", revision_history: [ { date: "2023-06-05T12:30:30+00:00", number: "1", summary: "Initial version", }, { date: "2023-07-18T17:32:46+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T01:32:45+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Core Services on RHEL 7 Server", product: { name: "Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_core_services:1::el7", }, }, }, { category: "product_name", name: "Red Hat JBoss Core Services on RHEL 8", product: { name: "Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_core_services:1::el8", }, }, }, ], category: "product_family", name: "Red Hat JBoss Core Services", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", product: { name: "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", product_id: "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1k-14.el7jbcs?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", product: { name: "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", product_id: "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-curl@8.0.1-1.el7jbcs?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", product: { name: "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", product_id: "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-33.el7jbcs?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", product: { name: "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", product_id: "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-chil@1.0.0-18.el7jbcs?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", product: { name: "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", product_id: "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.51-39.el7jbcs?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", product: { name: "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", product_id: "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster@1.3.18-2.el7jbcs?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", product: { name: "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", product_id: "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.3-24.el7jbcs?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", product: { name: "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", product_id: "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.0-20.el7jbcs?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", product: { name: "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", product_id: "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-23.el7jbcs?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", product: { name: "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", product_id: "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.48-46.redhat_1.el7jbcs?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", product: { name: "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", product_id: "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-101.el7jbcs?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", product: { name: "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", product_id: "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1k-14.el8jbcs?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", product: { name: "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", product_id: "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-curl@8.0.1-1.el8jbcs?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", product: { name: "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", product_id: "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-33.el8jbcs?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", product: { name: "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", product_id: "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-chil@1.0.0-18.el8jbcs?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", product: { name: "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", product_id: "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.51-39.el8jbcs?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", product: { name: "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", product_id: "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster@1.3.18-2.el8jbcs?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", product: { name: "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", product_id: "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.0-20.el8jbcs?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", product: { name: "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", product_id: "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.3-24.el8jbcs?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", product: { name: "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", product_id: "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-23.el8jbcs?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", product: { name: "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", product_id: "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.48-46.redhat_1.el8jbcs?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", product: { name: "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", product_id: "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-101.el8jbcs?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", product: { name: "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", product_id: "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1k-14.el7jbcs?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", product: { name: "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", product_id: "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1k-14.el7jbcs?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", product: { name: "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", product_id: "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1k-14.el7jbcs?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", product: { name: "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", product_id: "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1k-14.el7jbcs?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", product: { name: "jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", product_id: "jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1k-14.el7jbcs?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", product: { name: "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", product_id: "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1k-14.el7jbcs?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", product: { name: "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", product_id: "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-curl@8.0.1-1.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", product: { name: "jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", product_id: "jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-libcurl@8.0.1-1.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", product: { name: "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", product_id: "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@8.0.1-1.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", product: { name: "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", product_id: "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@8.0.1-1.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", product: { name: "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", product_id: "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-33.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", product: { name: "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", product_id: "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11-debuginfo@0.4.10-33.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", product: { name: "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", product_id: "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-chil@1.0.0-18.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", product: { name: "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", product_id: "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-chil-debuginfo@1.0.0-18.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", product: { name: "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", product_id: "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.51-39.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", product: { name: "jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", product_id: "jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.51-39.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", product: { name: "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", product_id: "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.51-39.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", product: { name: "jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", product_id: "jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.51-39.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", product: { name: "jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", product_id: "jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.51-39.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", product: { name: "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", product_id: "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.51-39.el7jbcs?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", product: { name: "jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", product_id: "jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.51-39.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", product: { name: "jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", product_id: "jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.51-39.el7jbcs?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", product: { name: "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", product_id: "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.51-39.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", product: { name: "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", product_id: "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster@1.3.18-2.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", product: { name: "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", product_id: "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster-debuginfo@1.3.18-2.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", product: { name: "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", product_id: "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.3-24.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", product: { name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", product_id: "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.3-24.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", product: { name: "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", product_id: "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.0-20.el7jbcs?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", product: { name: "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", product_id: "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_md-debuginfo@2.4.0-20.el7jbcs?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", product: { name: "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", product_id: "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-23.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", product: { name: "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", product_id: "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_http2-debuginfo@1.15.19-23.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", product: { name: "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", product_id: "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.48-46.redhat_1.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", product: { name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", product_id: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.48-46.redhat_1.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-101.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-101.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-101.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-101.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-101.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-101.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-101.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-101.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-101.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-101.el7jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", product: { name: "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", product_id: "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1k-14.el8jbcs?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", product: { name: "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", product_id: "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1k-14.el8jbcs?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", product: { name: "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", product_id: "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1k-14.el8jbcs?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", product: { name: "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", product_id: "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1k-14.el8jbcs?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", product: { name: "jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", product_id: "jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1k-14.el8jbcs?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", product: { name: "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", product_id: "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1k-14.el8jbcs?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", product: { name: "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", product_id: "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-libs-debuginfo@1.1.1k-14.el8jbcs?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", product: { name: "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", product_id: "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-curl@8.0.1-1.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", product: { name: "jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", product_id: "jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-libcurl@8.0.1-1.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", product: { name: "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", product_id: "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@8.0.1-1.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", product: { name: "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", product_id: "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@8.0.1-1.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", product: { name: "jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", product_id: "jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-libcurl-debuginfo@8.0.1-1.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", product: { name: "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", product_id: "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-33.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", product: { name: "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", product_id: "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11-debuginfo@0.4.10-33.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", product: { name: "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", product_id: "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-chil@1.0.0-18.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", product: { name: "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", product_id: "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-chil-debuginfo@1.0.0-18.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", product: { name: "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", product_id: "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.51-39.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", product: { name: "jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", product_id: "jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.51-39.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", product: { name: "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", product_id: "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.51-39.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", product: { name: "jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", product_id: "jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.51-39.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", product: { name: "jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", product_id: "jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.51-39.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", product: { name: "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", product_id: "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.51-39.el8jbcs?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", product: { name: "jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", product_id: "jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.51-39.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", product: { name: "jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", product_id: "jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.51-39.el8jbcs?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", product: { name: "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", product_id: "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.51-39.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", product: { name: "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", product_id: "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-tools-debuginfo@2.4.51-39.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", product: { name: "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", product_id: "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_ldap-debuginfo@2.4.51-39.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", product: { name: "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", product_id: "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html-debuginfo@2.4.51-39.el8jbcs?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", product: { name: "jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", product_id: "jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_session-debuginfo@2.4.51-39.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", product: { name: "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", product_id: "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_ssl-debuginfo@2.4.51-39.el8jbcs?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", product: { name: "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", product_id: "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster@1.3.18-2.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", product: { name: "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", product_id: "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster-debuginfo@1.3.18-2.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", product: { name: "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", product_id: "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.0-20.el8jbcs?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", product: { name: "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", product_id: "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_md-debuginfo@2.4.0-20.el8jbcs?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", product: { name: "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", product_id: "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.3-24.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", product: { name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", product_id: "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.3-24.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", product: { name: "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", product_id: "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-23.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", product: { name: "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", product_id: "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_http2-debuginfo@1.15.19-23.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", product: { name: "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", product_id: "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.48-46.redhat_1.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", product: { name: "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", product_id: "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24-debuginfo@1.2.48-46.redhat_1.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-101.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-101.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-101.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-101.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-101.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-101.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-101.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-101.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-101.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-101.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap-debuginfo@1.6.1-101.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql-debuginfo@1.6.1-101.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss-debuginfo@1.6.1-101.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc-debuginfo@1.6.1-101.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl-debuginfo@1.6.1-101.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql-debuginfo@1.6.1-101.el8jbcs?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", product: { name: "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", product_id: "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite-debuginfo@1.6.1-101.el8jbcs?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", product: { name: "jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", product_id: "jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.51-39.el7jbcs?arch=noarch", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", product: { name: "jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", product_id: "jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.51-39.el8jbcs?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", }, product_reference: "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", }, product_reference: "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", }, product_reference: "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", }, product_reference: "jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", }, product_reference: "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", }, product_reference: "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", }, product_reference: "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", }, product_reference: "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", }, product_reference: "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", }, product_reference: "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", }, product_reference: "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", }, product_reference: "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", }, product_reference: "jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", }, product_reference: "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", }, product_reference: "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", }, product_reference: "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", }, product_reference: "jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", }, product_reference: "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", }, product_reference: "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", }, product_reference: "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", }, product_reference: "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", }, product_reference: "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", }, product_reference: "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", }, product_reference: "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", }, product_reference: "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", product_id: "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", }, product_reference: "jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", relates_to_product_reference: "8Base-JBCS", }, ], }, vulnerabilities: [ { cve: "CVE-2006-20001", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2023-01-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2161774", }, ], notes: [ { category: "description", text: "A flaw was found in the mod_dav module of httpd. A specially crafted \"If:\" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_dav: out-of-bounds read/write of zero byte", title: "Vulnerability summary", }, { category: "other", text: "This flaw only affects configurations with mod_dav loaded and configured. Also, if there is no WebDAV repository configured, the server is not affected and no further mitigation is needed. For more information about the mitigation, check the mitigation section below.\n\nThe httpd mod_dav module is enabled by default on Red Hat Enterprise Linux 6, 7, 8, 9, and in RHSCL. However, there is no WebDAV repository configured by default.\n\nThis flaw has been rated as having a security impact of moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", ], known_not_affected: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2006-20001", }, { category: "external", summary: "RHBZ#2161774", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2161774", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2006-20001", url: "https://www.cve.org/CVERecord?id=CVE-2006-20001", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2006-20001", url: "https://nvd.nist.gov/vuln/detail/CVE-2006-20001", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2006-20001", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2006-20001", }, ], release_date: "2023-01-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-05T12:30:30+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3354", }, { category: "workaround", details: "Disabling mod_dav and restarting httpd will mitigate this flaw.", product_ids: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: mod_dav: out-of-bounds read/write of zero byte", }, { cve: "CVE-2022-4304", discovery_date: "2023-01-25T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2164487", }, ], notes: [ { category: "description", text: "A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. This issue affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP, and RSASVE.", title: "Vulnerability description", }, { category: "summary", text: "openssl: timing attack in RSA Decryption implementation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], known_not_affected: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4304", }, { category: "external", summary: "RHBZ#2164487", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4304", url: "https://www.cve.org/CVERecord?id=CVE-2022-4304", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4304", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4304", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20230207.txt", url: "https://www.openssl.org/news/secadv/20230207.txt", }, ], release_date: "2023-02-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-05T12:30:30+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3354", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: timing attack in RSA Decryption implementation", }, { cve: "CVE-2022-4450", cwe: { id: "CWE-415", name: "Double Free", }, discovery_date: "2023-01-25T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2164494", }, ], notes: [ { category: "description", text: "A double-free vulnerability was found in OpenSSL's PEM_read_bio_ex function. The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (for example, \"CERTIFICATE\"), any header data, and the payload data. If the function succeeds, then the \"name_out,\" \"header,\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. Constructing a PEM file that results in 0 bytes of payload data is possible. In this case, PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a freed buffer. A double-free will occur if the caller also frees this buffer. This will most likely lead to a crash. This could be exploited by an attacker who can supply malicious PEM files for parsing to achieve a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "openssl: double free after calling PEM_read_bio_ex", title: "Vulnerability summary", }, { category: "other", text: "This flaw is rated as having a Moderate impact as it is less easily exploited and is only vulnerable in unlikely configurations. Additionally, the upstream advisory (linked in External References) also rates it as Moderate.\n\nThe versions of `shim` as shipped with Red Hat Enterprise Linux 8 and 9 are shipping OpenSSL 1.1.1 and 1.0.2, which do not contain the incorrect code, so those are not affected by this CVE.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], known_not_affected: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4450", }, { category: "external", summary: "RHBZ#2164494", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4450", url: "https://www.cve.org/CVERecord?id=CVE-2022-4450", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4450", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4450", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20230207.txt", url: "https://www.openssl.org/news/secadv/20230207.txt", }, ], release_date: "2023-02-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-05T12:30:30+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3354", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: double free after calling PEM_read_bio_ex", }, { cve: "CVE-2022-25147", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2023-02-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2169652", }, ], notes: [ { category: "description", text: "A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.", title: "Vulnerability description", }, { category: "summary", text: "apr-util: out-of-bounds writes in the apr_base64", title: "Vulnerability summary", }, { category: "other", text: "The Apache Portable Runtime Utility (APR-util) library contains additional utility interfaces for APR (Apache Portable Runtime). \nThis vulnerability is related to the incorrect usage of the base64 encoding/decoding family of functions through APR-util API.\nUsage of these functions with long enough string would cause integer overflow and will lead to out-of-bound write.\n\nThis flaw was rated with an important severity for a moment as Red Hat received information that this vulnerability potentially can allow remote attackers to cause a denial of service to the application linked to the APR-util library. Deep analysis confirmed that there are no known conditions that could lead to DoS. \nAdditionally the APR-util API should not be exposed to the untrusted uploads and usage.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", ], known_not_affected: [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-25147", }, { category: "external", summary: "RHBZ#2169652", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169652", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-25147", url: "https://www.cve.org/CVERecord?id=CVE-2022-25147", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-25147", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-25147", }, ], release_date: "2023-01-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-05T12:30:30+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3354", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr-util: out-of-bounds writes in the apr_base64", }, { cve: "CVE-2022-43551", cwe: { id: "CWE-319", name: "Cleartext Transmission of Sensitive Information", }, discovery_date: "2022-12-12T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2152639", }, ], notes: [ { category: "description", text: "A vulnerability was found in curl. The issue can occur when curl's HSTS check is bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of an insecure clear-text HTTP step even when providing HTTP in the URL. Suppose the hostname in the given URL first uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion. In that case, it can bypass the HSTS mechanism using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E). Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the information, IDN encoded but looked for it as IDN decoded.", title: "Vulnerability description", }, { category: "summary", text: "curl: HSTS bypass via IDN", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", ], known_not_affected: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-43551", }, { category: "external", summary: "RHBZ#2152639", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2152639", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-43551", url: "https://www.cve.org/CVERecord?id=CVE-2022-43551", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-43551", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-43551", }, { category: "external", summary: "https://curl.se/docs/CVE-2022-43551.html", url: "https://curl.se/docs/CVE-2022-43551.html", }, ], release_date: "2022-12-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-05T12:30:30+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3354", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: HSTS bypass via IDN", }, { cve: "CVE-2022-43552", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2022-12-12T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2152652", }, ], notes: [ { category: "description", text: "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", title: "Vulnerability description", }, { category: "summary", text: "curl: Use-after-free triggered by an HTTP proxy deny response", title: "Vulnerability summary", }, { category: "other", text: "Potential successful exploitation will cause the curl to crash, which generates a low impact to the environment where the curl is used. Additionally, exploitation depends on the conditions that are out of the attacker's control, like usage of specific protocols (SMB or TELNET) and HTTP proxy tunnels at the same time. Due to these facts, this vulnerability has been classified as a Low severity issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", ], known_not_affected: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-43552", }, { category: "external", summary: "RHBZ#2152652", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2152652", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-43552", url: "https://www.cve.org/CVERecord?id=CVE-2022-43552", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-43552", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-43552", }, { category: "external", summary: "https://curl.se/docs/CVE-2022-43552.html", url: "https://curl.se/docs/CVE-2022-43552.html", }, ], release_date: "2022-12-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-05T12:30:30+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3354", }, { category: "workaround", details: "Avoid using the SMB and TELNET protocols.", product_ids: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: Use-after-free triggered by an HTTP proxy deny response", }, { cve: "CVE-2023-0215", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2023-01-25T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2164492", }, ], notes: [ { category: "description", text: "A use-after-free vulnerability was found in OpenSSL's BIO_new_NDEF function. The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be called directly by end-user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions. For example, if a CMS recipient public key is invalid, the new filter BIO is freed, and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up, and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then calls BIO_pop() on the BIO, a use-after-free will occur, possibly resulting in a crash.", title: "Vulnerability description", }, { category: "summary", text: "openssl: use-after-free following BIO_new_NDEF", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability has been rated as having a moderate impact in alignment with upstream. See the security advisory linked in external references.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], known_not_affected: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-0215", }, { category: "external", summary: "RHBZ#2164492", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-0215", url: "https://www.cve.org/CVERecord?id=CVE-2023-0215", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-0215", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-0215", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20230207.txt", url: "https://www.openssl.org/news/secadv/20230207.txt", }, ], release_date: "2023-02-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-05T12:30:30+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3354", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: use-after-free following BIO_new_NDEF", }, { cve: "CVE-2023-0286", cwe: { id: "CWE-704", name: "Incorrect Type Conversion or Cast", }, discovery_date: "2023-01-25T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2164440", }, ], notes: [ { category: "description", text: "A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.", title: "Vulnerability description", }, { category: "summary", text: "openssl: X.400 address type confusion in X.509 GeneralName", title: "Vulnerability summary", }, { category: "other", text: "For shim in Red Hat Enterprise Linux 8 & 9, is not affected as shim doesn't support any CRL processing.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], known_not_affected: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-0286", }, { category: "external", summary: "RHBZ#2164440", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-0286", url: "https://www.cve.org/CVERecord?id=CVE-2023-0286", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-0286", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-0286", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20230207.txt", url: "https://www.openssl.org/news/secadv/20230207.txt", }, ], release_date: "2023-02-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-05T12:30:30+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3354", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "openssl: X.400 address type confusion in X.509 GeneralName", }, { acknowledgments: [ { names: [ "Harry Sintonen", ], }, ], cve: "CVE-2023-23914", cwe: { id: "CWE-319", name: "Cleartext Transmission of Sensitive Information", }, discovery_date: "2023-02-07T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2167797", }, ], notes: [ { category: "description", text: "A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity.", title: "Vulnerability description", }, { category: "summary", text: "curl: HSTS ignored on multiple requests", title: "Vulnerability summary", }, { category: "other", text: "This is a curl command line issue and does not affect libcurl.\nThere is no HSTS support in the versions of curl shipped in rhel-7 and rhel-8. Curl packages as shipped in rhel-9 do not support HSTS.\nUpstream has rated this as a Low Severity issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", ], known_not_affected: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-23914", }, { category: "external", summary: "RHBZ#2167797", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2167797", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-23914", url: "https://www.cve.org/CVERecord?id=CVE-2023-23914", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-23914", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-23914", }, { category: "external", summary: "https://curl.se/docs/CVE-2023-23914.html", url: "https://curl.se/docs/CVE-2023-23914.html", }, ], release_date: "2023-02-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-05T12:30:30+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3354", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: HSTS ignored on multiple requests", }, { acknowledgments: [ { names: [ "Harry Sintonen", ], }, ], cve: "CVE-2023-23915", cwe: { id: "CWE-319", name: "Cleartext Transmission of Sensitive Information", }, discovery_date: "2023-02-07T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2167813", }, ], notes: [ { category: "description", text: "A flaw was found in the Curl package, where the HSTS mechanism could fail when multiple transfers are done in parallel, as the HSTS cache file gets overwritten by the most recently completed transfer. This issue may result in limited confidentiality and integrity.", title: "Vulnerability description", }, { category: "summary", text: "curl: HSTS amnesia with --parallel", title: "Vulnerability summary", }, { category: "other", text: "There is no HSTS support in the versions of curl shipped in rhel-7 and rhel-8. Curl packages as shipped in rhel-9 do not support HSTS.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", ], known_not_affected: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-23915", }, { category: "external", summary: "RHBZ#2167813", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2167813", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-23915", url: "https://www.cve.org/CVERecord?id=CVE-2023-23915", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-23915", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-23915", }, { category: "external", summary: "https://curl.se/docs/CVE-2023-23915.html", url: "https://curl.se/docs/CVE-2023-23915.html", }, ], release_date: "2023-02-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-05T12:30:30+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3354", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: HSTS amnesia with --parallel", }, { acknowledgments: [ { names: [ "Patrick Monnerat", ], }, ], cve: "CVE-2023-23916", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-02-07T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2167815", }, ], notes: [ { category: "description", text: "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", title: "Vulnerability description", }, { category: "summary", text: "curl: HTTP multi-header compression denial of service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", ], known_not_affected: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-23916", }, { category: "external", summary: "RHBZ#2167815", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2167815", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-23916", url: "https://www.cve.org/CVERecord?id=CVE-2023-23916", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-23916", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-23916", }, { category: "external", summary: "https://curl.se/docs/CVE-2023-23916.html", url: "https://curl.se/docs/CVE-2023-23916.html", }, ], release_date: "2023-02-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-05T12:30:30+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3354", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: HTTP multi-header compression denial of service", }, { cve: "CVE-2023-25690", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2023-03-07T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2176209", }, ], notes: [ { category: "description", text: "A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution.", title: "Vulnerability description", }, { category: "summary", text: "httpd: HTTP request splitting with mod_rewrite and mod_proxy", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", ], known_not_affected: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-25690", }, { category: "external", summary: "RHBZ#2176209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2176209", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-25690", url: "https://www.cve.org/CVERecord?id=CVE-2023-25690", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-25690", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-25690", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html", url: "https://httpd.apache.org/security/vulnerabilities_24.html", }, ], release_date: "2023-03-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-05T12:30:30+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3354", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "httpd: HTTP request splitting with mod_rewrite and mod_proxy", }, { acknowledgments: [ { names: [ "Daniel Stenberg", "Harry Sintonen", ], }, ], cve: "CVE-2023-27533", cwe: { id: "CWE-75", name: "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)", }, discovery_date: "2023-03-16T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2179062", }, ], notes: [ { category: "description", text: "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", title: "Vulnerability description", }, { category: "summary", text: "curl: TELNET option IAC injection", title: "Vulnerability summary", }, { category: "other", text: "While this vulnerability exists in Curl, the potential impact is to a different component. The overall impact is limited to the telnet component. On its own this flaw has a limited to negligible effect on integrity of the entire system, therefore it has been rated as having a Low security impact. This is in alignment with upstream’s impact assessment, their advisory is linked in external references.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", ], known_not_affected: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27533", }, { category: "external", summary: "RHBZ#2179062", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2179062", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27533", url: "https://www.cve.org/CVERecord?id=CVE-2023-27533", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27533", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27533", }, { category: "external", summary: "https://curl.se/docs/CVE-2023-27533.html", url: "https://curl.se/docs/CVE-2023-27533.html", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-05T12:30:30+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3354", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: TELNET option IAC injection", }, { acknowledgments: [ { names: [ "Daniel Stenberg", "Harry Sintonen", ], }, ], cve: "CVE-2023-27534", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2023-03-16T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2179069", }, ], notes: [ { category: "description", text: "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", title: "Vulnerability description", }, { category: "summary", text: "curl: SFTP path ~ resolving discrepancy", title: "Vulnerability summary", }, { category: "other", text: "In a containerized environment running SELinux in enforcing mode, such as Red Hat OpenShift Container Platform, this vulnerability does not allow an attacker to escape the boundary of a container. In this case no additional access is gained, there is an additional (but more complicated step) to look at files the user already has access to.\n\nThe upstream project (Curl) also rated this CVE as Low, see link in External References.\n\nIt is unlikely that Red Hat offerings are utilizing the SFTP feature of Curl, so the opportunity to exploit it may not exist. For those reasons Red Hat Product Security rates the impact as Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", ], known_not_affected: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27534", }, { category: "external", summary: "RHBZ#2179069", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2179069", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27534", url: "https://www.cve.org/CVERecord?id=CVE-2023-27534", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27534", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27534", }, { category: "external", summary: "https://curl.se/docs/CVE-2023-27534.html", url: "https://curl.se/docs/CVE-2023-27534.html", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-05T12:30:30+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3354", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: SFTP path ~ resolving discrepancy", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.