rhsa-2023_3354
Vulnerability from csaf_redhat
Published
2023-06-05 12:30
Modified
2024-11-15 17:18
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update
Notes
Topic
An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 on Red Hat Enterprise Linux versions 7 and 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)
* curl: HSTS bypass via IDN (CVE-2022-43551)
* curl: HTTP Proxy deny use-after-free (CVE-2022-43552)
* curl: HSTS ignored on multiple requests (CVE-2023-23914)
* curl: HSTS amnesia with --parallel (CVE-2023-23915)
* curl: HTTP multi-header compression denial of service (CVE-2023-23916)
* curl: TELNET option IAC injection (CVE-2023-27533)
* curl: SFTP path ~ resolving discrepancy (CVE-2023-27534)
* httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)
* httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)
* openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)
* openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)
* openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)
* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 on Red Hat Enterprise Linux versions 7 and 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)\n* curl: HSTS bypass via IDN (CVE-2022-43551)\n* curl: HTTP Proxy deny use-after-free (CVE-2022-43552)\n* curl: HSTS ignored on multiple requests (CVE-2023-23914)\n* curl: HSTS amnesia with --parallel (CVE-2023-23915)\n* curl: HTTP multi-header compression denial of service (CVE-2023-23916)\n* curl: TELNET option IAC injection (CVE-2023-27533)\n* curl: SFTP path ~ resolving discrepancy (CVE-2023-27534)\n* httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)\n* httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)\n* openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)\n* openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)\n* openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)\n* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:3354", "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2152639", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152639" }, { "category": "external", "summary": "2152652", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152652" }, { "category": "external", "summary": "2161774", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161774" }, { "category": "external", "summary": "2164440", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440" }, { "category": "external", "summary": "2164487", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164487" }, { "category": "external", "summary": "2164492", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164492" }, { "category": "external", "summary": "2164494", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164494" }, { "category": "external", "summary": "2167797", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167797" }, { "category": "external", "summary": "2167813", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167813" }, { "category": "external", "summary": "2167815", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167815" }, { "category": "external", "summary": "2169652", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169652" }, { "category": "external", "summary": "2176209", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176209" }, { "category": "external", "summary": "2179062", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179062" }, { "category": "external", "summary": "2179069", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179069" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3354.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update", "tracking": { "current_release_date": "2024-11-15T17:18:13+00:00", "generator": { "date": "2024-11-15T17:18:13+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:3354", "initial_release_date": "2023-06-05T12:30:30+00:00", "revision_history": [ { "date": "2023-06-05T12:30:30+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-07-18T17:32:46+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T17:18:13+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Core Services on RHEL 7 Server", "product": { "name": "Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_core_services:1::el7" } } }, { "category": "product_name", "name": "Red Hat JBoss Core Services on RHEL 8", "product": { "name": "Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_core_services:1::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Core Services" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "product": { "name": "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "product_id": "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1k-14.el7jbcs?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "product": { "name": "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "product_id": "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@8.0.1-1.el7jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "product": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "product_id": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-33.el7jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "product": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "product_id": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil@1.0.0-18.el7jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "product": { "name": "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "product_id": "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.51-39.el7jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "product": { "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "product_id": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster@1.3.18-2.el7jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "product_id": "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.3-24.el7jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "product": { "name": "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "product_id": "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.0-20.el7jbcs?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "product": { "name": "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "product_id": "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-23.el7jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "product": { "name": "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "product_id": "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.48-46.redhat_1.el7jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-101.el7jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "product": { "name": "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "product_id": "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1k-14.el8jbcs?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "product": { "name": "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "product_id": "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@8.0.1-1.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "product": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "product_id": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-33.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "product": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "product_id": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil@1.0.0-18.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "product": { "name": "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "product_id": "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.51-39.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "product": { "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "product_id": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster@1.3.18-2.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "product": { "name": "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "product_id": "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.0-20.el8jbcs?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "product_id": "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.3-24.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "product": { "name": "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "product_id": "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-23.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "product": { "name": "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "product_id": "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.48-46.redhat_1.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-101.el8jbcs?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1k-14.el7jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1k-14.el7jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1k-14.el7jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1k-14.el7jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1k-14.el7jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1k-14.el7jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "product_id": "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@8.0.1-1.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "product_id": "jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@8.0.1-1.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "product_id": "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@8.0.1-1.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "product_id": "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@8.0.1-1.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-33.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11-debuginfo@0.4.10-33.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil@1.0.0-18.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil-debuginfo@1.0.0-18.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.51-39.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.51-39.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.51-39.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.51-39.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.51-39.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.51-39.el7jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.51-39.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.51-39.el7jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.51-39.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster@1.3.18-2.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster-debuginfo@1.3.18-2.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.3-24.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.3-24.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.0-20.el7jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md-debuginfo@2.4.0-20.el7jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-23.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2-debuginfo@1.15.19-23.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.48-46.redhat_1.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.48-46.redhat_1.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-101.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-101.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-101.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-101.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-101.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-101.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-101.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-101.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-101.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-101.el7jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1k-14.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1k-14.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1k-14.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1k-14.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1k-14.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1k-14.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs-debuginfo@1.1.1k-14.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "product_id": "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@8.0.1-1.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "product_id": "jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@8.0.1-1.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "product_id": "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@8.0.1-1.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "product_id": "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@8.0.1-1.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "product_id": "jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-debuginfo@8.0.1-1.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-33.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11-debuginfo@0.4.10-33.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil@1.0.0-18.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil-debuginfo@1.0.0-18.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.51-39.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.51-39.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.51-39.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.51-39.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.51-39.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.51-39.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.51-39.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.51-39.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.51-39.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools-debuginfo@2.4.51-39.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap-debuginfo@2.4.51-39.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html-debuginfo@2.4.51-39.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session-debuginfo@2.4.51-39.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl-debuginfo@2.4.51-39.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster@1.3.18-2.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster-debuginfo@1.3.18-2.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.0-20.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md-debuginfo@2.4.0-20.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.3-24.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.3-24.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-23.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2-debuginfo@1.15.19-23.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.48-46.redhat_1.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24-debuginfo@1.2.48-46.redhat_1.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-101.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-101.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-101.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-101.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-101.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-101.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-101.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-101.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-101.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-101.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap-debuginfo@1.6.1-101.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql-debuginfo@1.6.1-101.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss-debuginfo@1.6.1-101.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc-debuginfo@1.6.1-101.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl-debuginfo@1.6.1-101.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql-debuginfo@1.6.1-101.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite-debuginfo@1.6.1-101.el8jbcs?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "product": { "name": "jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "product_id": "jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.51-39.el7jbcs?arch=noarch" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "product": { "name": "jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "product_id": "jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.51-39.el8jbcs?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src" }, "product_reference": "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch" }, "product_reference": "jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src" }, "product_reference": "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src" }, "product_reference": "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src" }, "product_reference": "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src" }, "product_reference": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src" }, "product_reference": "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src" }, "product_reference": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src" }, "product_reference": "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch" }, "product_reference": "jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src" }, "product_reference": "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src" }, "product_reference": "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src" }, "product_reference": "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src" }, "product_reference": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src" }, "product_reference": "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src" }, "product_reference": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" } ] }, "vulnerabilities": [ { "cve": "CVE-2006-20001", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2023-01-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2161774" } ], "notes": [ { "category": "description", "text": "A flaw was found in the mod_dav module of httpd. A specially crafted \"If:\" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_dav: out-of-bounds read/write of zero byte", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects configurations with mod_dav loaded and configured. Also, if there is no WebDAV repository configured, the server is not affected and no further mitigation is needed. For more information about the mitigation, check the mitigation section below.\n\nThe httpd mod_dav module is enabled by default on Red Hat Enterprise Linux 6, 7, 8, 9, and in RHSCL. However, there is no WebDAV repository configured by default.\n\nThis flaw has been rated as having a security impact of moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-20001" }, { "category": "external", "summary": "RHBZ#2161774", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161774" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-20001", "url": "https://www.cve.org/CVERecord?id=CVE-2006-20001" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-20001", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-20001" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2006-20001", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2006-20001" } ], "release_date": "2023-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T12:30:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "category": "workaround", "details": "Disabling mod_dav and restarting httpd will mitigate this flaw.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_dav: out-of-bounds read/write of zero byte" }, { "cve": "CVE-2022-4304", "discovery_date": "2023-01-25T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2164487" } ], "notes": [ { "category": "description", "text": "A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. This issue affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP, and RSASVE.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: timing attack in RSA Decryption implementation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-4304" }, { "category": "external", "summary": "RHBZ#2164487", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164487" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4304", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4304", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4304" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20230207.txt", "url": "https://www.openssl.org/news/secadv/20230207.txt" } ], "release_date": "2023-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T12:30:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3354" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: timing attack in RSA Decryption implementation" }, { "cve": "CVE-2022-4450", "cwe": { "id": "CWE-415", "name": "Double Free" }, "discovery_date": "2023-01-25T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2164494" } ], "notes": [ { "category": "description", "text": "A double-free vulnerability was found in OpenSSL\u0027s PEM_read_bio_ex function. The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (for example, \"CERTIFICATE\"), any header data, and the payload data. If the function succeeds, then the \"name_out,\" \"header,\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. Constructing a PEM file that results in 0 bytes of payload data is possible. In this case, PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a freed buffer. A double-free will occur if the caller also frees this buffer. This will most likely lead to a crash. This could be exploited by an attacker who can supply malicious PEM files for parsing to achieve a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: double free after calling PEM_read_bio_ex", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is rated as having a Moderate impact as it is less easily exploited and is only vulnerable in unlikely configurations. Additionally, the upstream advisory (linked in External References) also rates it as Moderate.\n\nThe versions of `shim` as shipped with Red Hat Enterprise Linux 8 and 9 are shipping OpenSSL 1.1.1 and 1.0.2, which do not contain the incorrect code, so those are not affected by this CVE.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-4450" }, { "category": "external", "summary": "RHBZ#2164494", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164494" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4450", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4450" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20230207.txt", "url": "https://www.openssl.org/news/secadv/20230207.txt" } ], "release_date": "2023-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T12:30:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3354" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: double free after calling PEM_read_bio_ex" }, { "cve": "CVE-2022-25147", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2023-02-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2169652" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.", "title": "Vulnerability description" }, { "category": "summary", "text": "apr-util: out-of-bounds writes in the apr_base64", "title": "Vulnerability summary" }, { "category": "other", "text": "The Apache Portable Runtime Utility (APR-util) library contains additional utility interfaces for APR (Apache Portable Runtime). \nThis vulnerability is related to the incorrect usage of the base64 encoding/decoding family of functions through APR-util API.\nUsage of these functions with long enough string would cause integer overflow and will lead to out-of-bound write.\n\nThis flaw was rated with an important severity for a moment as Red Hat received information that this vulnerability potentially can allow remote attackers to cause a denial of service to the application linked to the APR-util library. Deep analysis confirmed that there are no known conditions that could lead to DoS. \nAdditionally the APR-util API should not be exposed to the untrusted uploads and usage.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25147" }, { "category": "external", "summary": "RHBZ#2169652", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169652" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25147", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25147" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25147", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25147" } ], "release_date": "2023-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T12:30:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3354" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apr-util: out-of-bounds writes in the apr_base64" }, { "cve": "CVE-2022-43551", "cwe": { "id": "CWE-319", "name": "Cleartext Transmission of Sensitive Information" }, "discovery_date": "2022-12-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2152639" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in curl. The issue can occur when curl\u0027s HSTS check is bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of an insecure clear-text HTTP step even when providing HTTP in the URL. Suppose the hostname in the given URL first uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion. In that case, it can bypass the HSTS mechanism using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E). Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the information, IDN encoded but looked for it as IDN decoded.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: HSTS bypass via IDN", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-43551" }, { "category": "external", "summary": "RHBZ#2152639", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152639" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-43551", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43551" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43551", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43551" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2022-43551.html", "url": "https://curl.se/docs/CVE-2022-43551.html" } ], "release_date": "2022-12-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T12:30:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3354" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "curl: HSTS bypass via IDN" }, { "cve": "CVE-2022-43552", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2022-12-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2152652" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: Use-after-free triggered by an HTTP proxy deny response", "title": "Vulnerability summary" }, { "category": "other", "text": "Potential successful exploitation will cause the curl to crash, which generates a low impact to the environment where the curl is used. Additionally, exploitation depends on the conditions that are out of the attacker\u0027s control, like usage of specific protocols (SMB or TELNET) and HTTP proxy tunnels at the same time. Due to these facts, this vulnerability has been classified as a Low severity issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-43552" }, { "category": "external", "summary": "RHBZ#2152652", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152652" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-43552", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43552" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43552", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43552" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2022-43552.html", "url": "https://curl.se/docs/CVE-2022-43552.html" } ], "release_date": "2022-12-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T12:30:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "category": "workaround", "details": "Avoid using the SMB and TELNET protocols.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "curl: Use-after-free triggered by an HTTP proxy deny response" }, { "cve": "CVE-2023-0215", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2023-01-25T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2164492" } ], "notes": [ { "category": "description", "text": "A use-after-free vulnerability was found in OpenSSL\u0027s BIO_new_NDEF function. The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be called directly by end-user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions. For example, if a CMS recipient public key is invalid, the new filter BIO is freed, and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up, and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then calls BIO_pop() on the BIO, a use-after-free will occur, possibly resulting in a crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: use-after-free following BIO_new_NDEF", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability has been rated as having a moderate impact in alignment with upstream. See the security advisory linked in external references.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0215" }, { "category": "external", "summary": "RHBZ#2164492", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164492" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0215", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0215", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0215" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20230207.txt", "url": "https://www.openssl.org/news/secadv/20230207.txt" } ], "release_date": "2023-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T12:30:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3354" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: use-after-free following BIO_new_NDEF" }, { "cve": "CVE-2023-0286", "cwe": { "id": "CWE-704", "name": "Incorrect Type Conversion or Cast" }, "discovery_date": "2023-01-25T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2164440" } ], "notes": [ { "category": "description", "text": "A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: X.400 address type confusion in X.509 GeneralName", "title": "Vulnerability summary" }, { "category": "other", "text": "For shim in Red Hat Enterprise Linux 8 \u0026 9, is not affected as shim doesn\u0027t support any CRL processing.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0286" }, { "category": "external", "summary": "RHBZ#2164440", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0286", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20230207.txt", "url": "https://www.openssl.org/news/secadv/20230207.txt" } ], "release_date": "2023-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T12:30:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "openssl: X.400 address type confusion in X.509 GeneralName" }, { "acknowledgments": [ { "names": [ "Harry Sintonen" ] } ], "cve": "CVE-2023-23914", "cwe": { "id": "CWE-319", "name": "Cleartext Transmission of Sensitive Information" }, "discovery_date": "2023-02-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2167797" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: HSTS ignored on multiple requests", "title": "Vulnerability summary" }, { "category": "other", "text": "This is a curl command line issue and does not affect libcurl.\nThere is no HSTS support in the versions of curl shipped in rhel-7 and rhel-8. Curl packages as shipped in rhel-9 do not support HSTS.\nUpstream has rated this as a Low Severity issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-23914" }, { "category": "external", "summary": "RHBZ#2167797", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167797" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23914", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23914" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23914", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23914" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2023-23914.html", "url": "https://curl.se/docs/CVE-2023-23914.html" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T12:30:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3354" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "curl: HSTS ignored on multiple requests" }, { "acknowledgments": [ { "names": [ "Harry Sintonen" ] } ], "cve": "CVE-2023-23915", "cwe": { "id": "CWE-319", "name": "Cleartext Transmission of Sensitive Information" }, "discovery_date": "2023-02-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2167813" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Curl package, where the HSTS mechanism could fail when multiple transfers are done in parallel, as the HSTS cache file gets overwritten by the most recently completed transfer. This issue may result in limited confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: HSTS amnesia with --parallel", "title": "Vulnerability summary" }, { "category": "other", "text": "There is no HSTS support in the versions of curl shipped in rhel-7 and rhel-8. Curl packages as shipped in rhel-9 do not support HSTS.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-23915" }, { "category": "external", "summary": "RHBZ#2167813", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167813" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23915", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23915" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23915", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23915" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2023-23915.html", "url": "https://curl.se/docs/CVE-2023-23915.html" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T12:30:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3354" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "curl: HSTS amnesia with --parallel" }, { "acknowledgments": [ { "names": [ "Patrick Monnerat" ] } ], "cve": "CVE-2023-23916", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-02-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2167815" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: HTTP multi-header compression denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-23916" }, { "category": "external", "summary": "RHBZ#2167815", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167815" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23916", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23916" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23916", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23916" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2023-23916.html", "url": "https://curl.se/docs/CVE-2023-23916.html" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T12:30:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3354" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "curl: HTTP multi-header compression denial of service" }, { "cve": "CVE-2023-25690", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2023-03-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2176209" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: HTTP request splitting with mod_rewrite and mod_proxy", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-25690" }, { "category": "external", "summary": "RHBZ#2176209", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176209" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25690", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25690" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25690", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25690" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2023-03-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T12:30:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3354" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "httpd: HTTP request splitting with mod_rewrite and mod_proxy" }, { "acknowledgments": [ { "names": [ "Daniel Stenberg", "Harry Sintonen" ] } ], "cve": "CVE-2023-27533", "cwe": { "id": "CWE-75", "name": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)" }, "discovery_date": "2023-03-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2179062" } ], "notes": [ { "category": "description", "text": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application\u0027s intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: TELNET option IAC injection", "title": "Vulnerability summary" }, { "category": "other", "text": "While this vulnerability exists in Curl, the potential impact is to a different component. The overall impact is limited to the telnet component. On its own this flaw has a limited to negligible effect on integrity of the entire system, therefore it has been rated as having a Low security impact. This is in alignment with upstream\u2019s impact assessment, their advisory is linked in external references.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27533" }, { "category": "external", "summary": "RHBZ#2179062", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179062" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27533", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27533" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27533", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27533" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2023-27533.html", "url": "https://curl.se/docs/CVE-2023-27533.html" } ], "release_date": "2023-03-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T12:30:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3354" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "curl: TELNET option IAC injection" }, { "acknowledgments": [ { "names": [ "Daniel Stenberg", "Harry Sintonen" ] } ], "cve": "CVE-2023-27534", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2023-03-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2179069" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user\u0027s home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: SFTP path ~ resolving discrepancy", "title": "Vulnerability summary" }, { "category": "other", "text": "In a containerized environment running SELinux in enforcing mode, such as Red Hat OpenShift Container Platform, this vulnerability does not allow an attacker to escape the boundary of a container. In this case no additional access is gained, there is an additional (but more complicated step) to look at files the user already has access to.\n\nThe upstream project (Curl) also rated this CVE as Low, see link in External References.\n\nIt is unlikely that Red Hat offerings are utilizing the SFTP feature of Curl, so the opportunity to exploit it may not exist. For those reasons Red Hat Product Security rates the impact as Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64" ], "known_not_affected": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27534" }, { "category": "external", "summary": "RHBZ#2179069", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179069" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27534", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27534" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27534", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27534" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2023-27534.html", "url": "https://curl.se/docs/CVE-2023-27534.html" } ], "release_date": "2023-03-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T12:30:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3354" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src", "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "curl: SFTP path ~ resolving discrepancy" } ] }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.