rhsa-2023_3354
Vulnerability from csaf_redhat
Published
2023-06-05 12:30
Modified
2024-09-14 00:03
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update
Notes
Topic
An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 on Red Hat Enterprise Linux versions 7 and 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)
* curl: HSTS bypass via IDN (CVE-2022-43551)
* curl: HTTP Proxy deny use-after-free (CVE-2022-43552)
* curl: HSTS ignored on multiple requests (CVE-2023-23914)
* curl: HSTS amnesia with --parallel (CVE-2023-23915)
* curl: HTTP multi-header compression denial of service (CVE-2023-23916)
* curl: TELNET option IAC injection (CVE-2023-27533)
* curl: SFTP path ~ resolving discrepancy (CVE-2023-27534)
* httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)
* httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)
* openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)
* openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)
* openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)
* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 on Red Hat Enterprise Linux versions 7 and 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)\n* curl: HSTS bypass via IDN (CVE-2022-43551)\n* curl: HTTP Proxy deny use-after-free (CVE-2022-43552)\n* curl: HSTS ignored on multiple requests (CVE-2023-23914)\n* curl: HSTS amnesia with --parallel (CVE-2023-23915)\n* curl: HTTP multi-header compression denial of service (CVE-2023-23916)\n* curl: TELNET option IAC injection (CVE-2023-27533)\n* curl: SFTP path ~ resolving discrepancy (CVE-2023-27534)\n* httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)\n* httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)\n* openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)\n* openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)\n* openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)\n* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:3354",
"url": "https://access.redhat.com/errata/RHSA-2023:3354"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2152639",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152639"
},
{
"category": "external",
"summary": "2152652",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152652"
},
{
"category": "external",
"summary": "2161774",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161774"
},
{
"category": "external",
"summary": "2164440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440"
},
{
"category": "external",
"summary": "2164487",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164487"
},
{
"category": "external",
"summary": "2164492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164492"
},
{
"category": "external",
"summary": "2164494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164494"
},
{
"category": "external",
"summary": "2167797",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167797"
},
{
"category": "external",
"summary": "2167813",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167813"
},
{
"category": "external",
"summary": "2167815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167815"
},
{
"category": "external",
"summary": "2169652",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169652"
},
{
"category": "external",
"summary": "2176209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176209"
},
{
"category": "external",
"summary": "2179062",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179062"
},
{
"category": "external",
"summary": "2179069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179069"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_3354.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update",
"tracking": {
"current_release_date": "2024-09-14T00:03:51+00:00",
"generator": {
"date": "2024-09-14T00:03:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:3354",
"initial_release_date": "2023-06-05T12:30:30+00:00",
"revision_history": [
{
"date": "2023-06-05T12:30:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-07-18T17:32:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-14T00:03:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Core Services on RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Core Services on RHEL 8",
"product": {
"name": "Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"product": {
"name": "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"product_id": "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1k-14.el7jbcs?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"product": {
"name": "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"product_id": "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl@8.0.1-1.el7jbcs?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"product": {
"name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"product_id": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-33.el7jbcs?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"product": {
"name": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"product_id": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil@1.0.0-18.el7jbcs?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"product_id": "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.51-39.el7jbcs?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"product": {
"name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"product_id": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster@1.3.18-2.el7jbcs?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"product": {
"name": "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"product_id": "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.3-24.el7jbcs?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"product": {
"name": "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"product_id": "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.0-20.el7jbcs?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"product": {
"name": "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"product_id": "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-23.el7jbcs?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"product": {
"name": "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"product_id": "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.48-46.redhat_1.el7jbcs?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"product": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"product_id": "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-101.el7jbcs?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"product": {
"name": "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"product_id": "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1k-14.el8jbcs?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"product": {
"name": "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"product_id": "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl@8.0.1-1.el8jbcs?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"product": {
"name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"product_id": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-33.el8jbcs?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"product": {
"name": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"product_id": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil@1.0.0-18.el8jbcs?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"product_id": "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.51-39.el8jbcs?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"product": {
"name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"product_id": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster@1.3.18-2.el8jbcs?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"product": {
"name": "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"product_id": "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.0-20.el8jbcs?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"product": {
"name": "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"product_id": "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.3-24.el8jbcs?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"product": {
"name": "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"product_id": "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-23.el8jbcs?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"product": {
"name": "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"product_id": "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.48-46.redhat_1.el8jbcs?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"product": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"product_id": "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-101.el8jbcs?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1k-14.el7jbcs?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1k-14.el7jbcs?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1k-14.el7jbcs?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1k-14.el7jbcs?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1k-14.el7jbcs?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1k-14.el7jbcs?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl@8.0.1-1.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@8.0.1-1.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@8.0.1-1.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@8.0.1-1.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-33.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11-debuginfo@0.4.10-33.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil@1.0.0-18.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil-debuginfo@1.0.0-18.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.51-39.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.51-39.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.51-39.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.51-39.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.51-39.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.51-39.el7jbcs?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.51-39.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.51-39.el7jbcs?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.51-39.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster@1.3.18-2.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster-debuginfo@1.3.18-2.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.3-24.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.3-24.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.0-20.el7jbcs?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md-debuginfo@2.4.0-20.el7jbcs?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-23.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2-debuginfo@1.15.19-23.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.48-46.redhat_1.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.48-46.redhat_1.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-101.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-101.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-101.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-101.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-101.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-101.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-101.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-101.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-101.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-101.el7jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1k-14.el8jbcs?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1k-14.el8jbcs?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1k-14.el8jbcs?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1k-14.el8jbcs?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1k-14.el8jbcs?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1k-14.el8jbcs?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs-debuginfo@1.1.1k-14.el8jbcs?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl@8.0.1-1.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@8.0.1-1.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@8.0.1-1.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@8.0.1-1.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-debuginfo@8.0.1-1.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-33.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11-debuginfo@0.4.10-33.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil@1.0.0-18.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil-debuginfo@1.0.0-18.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.51-39.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.51-39.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.51-39.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.51-39.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.51-39.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.51-39.el8jbcs?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.51-39.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.51-39.el8jbcs?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.51-39.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools-debuginfo@2.4.51-39.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap-debuginfo@2.4.51-39.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html-debuginfo@2.4.51-39.el8jbcs?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session-debuginfo@2.4.51-39.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl-debuginfo@2.4.51-39.el8jbcs?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster@1.3.18-2.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster-debuginfo@1.3.18-2.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.0-20.el8jbcs?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md-debuginfo@2.4.0-20.el8jbcs?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.3-24.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.3-24.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-23.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2-debuginfo@1.15.19-23.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.48-46.redhat_1.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24-debuginfo@1.2.48-46.redhat_1.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-101.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-101.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-101.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-101.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-101.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-101.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-101.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-101.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-101.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-101.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap-debuginfo@1.6.1-101.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql-debuginfo@1.6.1-101.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss-debuginfo@1.6.1-101.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc-debuginfo@1.6.1-101.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl-debuginfo@1.6.1-101.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql-debuginfo@1.6.1-101.el8jbcs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"product_id": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite-debuginfo@1.6.1-101.el8jbcs?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"product": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"product_id": "jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.51-39.el7jbcs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"product": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"product_id": "jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.51-39.el8jbcs?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src"
},
"product_reference": "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src"
},
"product_reference": "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch"
},
"product_reference": "jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src"
},
"product_reference": "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src"
},
"product_reference": "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src"
},
"product_reference": "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src"
},
"product_reference": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src"
},
"product_reference": "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src"
},
"product_reference": "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src"
},
"product_reference": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src"
},
"product_reference": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src"
},
"product_reference": "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src"
},
"product_reference": "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch"
},
"product_reference": "jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src"
},
"product_reference": "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src"
},
"product_reference": "jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src"
},
"product_reference": "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src"
},
"product_reference": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src"
},
"product_reference": "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src"
},
"product_reference": "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src"
},
"product_reference": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src"
},
"product_reference": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
"product_id": "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64",
"relates_to_product_reference": "8Base-JBCS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-20001",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-01-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161774"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mod_dav module of httpd. A specially crafted \"If:\" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_dav: out-of-bounds read/write of zero byte",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw only affects configurations with mod_dav loaded and configured. Also, if there is no WebDAV repository configured, the server is not affected and no further mitigation is needed. For more information about the mitigation, check the mitigation section below.\n\nThe httpd mod_dav module is enabled by default on Red Hat Enterprise Linux 6, 7, 8, 9, and in RHSCL. However, there is no WebDAV repository configured by default.\n\nThis flaw has been rated as having a security impact of moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64"
],
"known_not_affected": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-20001"
},
{
"category": "external",
"summary": "RHBZ#2161774",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161774"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-20001",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-20001"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-20001",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-20001"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2006-20001",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2006-20001"
}
],
"release_date": "2023-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3354"
},
{
"category": "workaround",
"details": "Disabling mod_dav and restarting httpd will mitigate this flaw.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_dav: out-of-bounds read/write of zero byte"
},
{
"cve": "CVE-2022-4304",
"discovery_date": "2023-01-25T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2164487"
}
],
"notes": [
{
"category": "description",
"text": "A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. This issue affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP, and RSASVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: timing attack in RSA Decryption implementation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
],
"known_not_affected": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-4304"
},
{
"category": "external",
"summary": "RHBZ#2164487",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164487"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4304",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4304"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20230207.txt",
"url": "https://www.openssl.org/news/secadv/20230207.txt"
}
],
"release_date": "2023-02-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3354"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: timing attack in RSA Decryption implementation"
},
{
"cve": "CVE-2022-4450",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"discovery_date": "2023-01-25T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2164494"
}
],
"notes": [
{
"category": "description",
"text": "A double-free vulnerability was found in OpenSSL\u0027s PEM_read_bio_ex function. The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (for example, \"CERTIFICATE\"), any header data, and the payload data. If the function succeeds, then the \"name_out,\" \"header,\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. Constructing a PEM file that results in 0 bytes of payload data is possible. In this case, PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a freed buffer. A double-free will occur if the caller also frees this buffer. This will most likely lead to a crash. This could be exploited by an attacker who can supply malicious PEM files for parsing to achieve a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: double free after calling PEM_read_bio_ex",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated as having a Moderate impact as it is less easily exploited and is only vulnerable in unlikely configurations. Additionally, the upstream advisory (linked in External References) also rates it as Moderate.\n\nThe versions of `shim` as shipped with Red Hat Enterprise Linux 8 and 9 are shipping OpenSSL 1.1.1 and 1.0.2, which do not contain the incorrect code, so those are not affected by this CVE.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
],
"known_not_affected": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-4450"
},
{
"category": "external",
"summary": "RHBZ#2164494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164494"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4450",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4450"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20230207.txt",
"url": "https://www.openssl.org/news/secadv/20230207.txt"
}
],
"release_date": "2023-02-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3354"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: double free after calling PEM_read_bio_ex"
},
{
"cve": "CVE-2022-25147",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2023-02-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2169652"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util: out-of-bounds writes in the apr_base64",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Apache Portable Runtime Utility (APR-util) library contains additional utility interfaces for APR (Apache Portable Runtime). \nThis vulnerability is related to the incorrect usage of the base64 encoding/decoding family of functions through APR-util API.\nUsage of these functions with long enough string would cause integer overflow and will lead to out-of-bound write.\n\nThis flaw was rated with an important severity for a moment as Red Hat received information that this vulnerability potentially can allow remote attackers to cause a denial of service to the application linked to the APR-util library. Deep analysis confirmed that there are no known conditions that could lead to DoS. \nAdditionally the APR-util API should not be exposed to the untrusted uploads and usage.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64"
],
"known_not_affected": [
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25147"
},
{
"category": "external",
"summary": "RHBZ#2169652",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169652"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25147",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25147"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25147",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25147"
}
],
"release_date": "2023-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3354"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util: out-of-bounds writes in the apr_base64"
},
{
"cve": "CVE-2022-43551",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"discovery_date": "2022-12-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2152639"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in curl. The issue can occur when curl\u0027s HSTS check is bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of an insecure clear-text HTTP step even when providing HTTP in the URL. Suppose the hostname in the given URL first uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion. In that case, it can bypass the HSTS mechanism using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E). Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the information, IDN encoded but looked for it as IDN decoded.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: HSTS bypass via IDN",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64"
],
"known_not_affected": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-43551"
},
{
"category": "external",
"summary": "RHBZ#2152639",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152639"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43551",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43551"
},
{
"category": "external",
"summary": "https://curl.se/docs/CVE-2022-43551.html",
"url": "https://curl.se/docs/CVE-2022-43551.html"
}
],
"release_date": "2022-12-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3354"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "curl: HSTS bypass via IDN"
},
{
"cve": "CVE-2022-43552",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-12-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2152652"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: Use-after-free triggered by an HTTP proxy deny response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Potential successful exploitation will cause the curl to crash, which generates a low impact to the environment where the curl is used. Additionally, exploitation depends on the conditions that are out of the attacker\u0027s control, like usage of specific protocols (SMB or TELNET) and HTTP proxy tunnels at the same time. Due to these facts, this vulnerability has been classified as a Low severity issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64"
],
"known_not_affected": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-43552"
},
{
"category": "external",
"summary": "RHBZ#2152652",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152652"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43552",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43552"
},
{
"category": "external",
"summary": "https://curl.se/docs/CVE-2022-43552.html",
"url": "https://curl.se/docs/CVE-2022-43552.html"
}
],
"release_date": "2022-12-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3354"
},
{
"category": "workaround",
"details": "Avoid using the SMB and TELNET protocols.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "curl: Use-after-free triggered by an HTTP proxy deny response"
},
{
"cve": "CVE-2023-0215",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-01-25T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2164492"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in OpenSSL\u0027s BIO_new_NDEF function. The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be called directly by end-user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions. For example, if a CMS recipient public key is invalid, the new filter BIO is freed, and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up, and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then calls BIO_pop() on the BIO, a use-after-free will occur, possibly resulting in a crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: use-after-free following BIO_new_NDEF",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated as having a moderate impact in alignment with upstream. See the security advisory linked in external references.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
],
"known_not_affected": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0215"
},
{
"category": "external",
"summary": "RHBZ#2164492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164492"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0215",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0215"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20230207.txt",
"url": "https://www.openssl.org/news/secadv/20230207.txt"
}
],
"release_date": "2023-02-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3354"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: use-after-free following BIO_new_NDEF"
},
{
"cve": "CVE-2023-0286",
"cwe": {
"id": "CWE-704",
"name": "Incorrect Type Conversion or Cast"
},
"discovery_date": "2023-01-25T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2164440"
}
],
"notes": [
{
"category": "description",
"text": "A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: X.400 address type confusion in X.509 GeneralName",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For shim in Red Hat Enterprise Linux 8 \u0026 9, is not affected as shim doesn\u0027t support any CRL processing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
],
"known_not_affected": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0286"
},
{
"category": "external",
"summary": "RHBZ#2164440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20230207.txt",
"url": "https://www.openssl.org/news/secadv/20230207.txt"
}
],
"release_date": "2023-02-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3354"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: X.400 address type confusion in X.509 GeneralName"
},
{
"acknowledgments": [
{
"names": [
"Harry Sintonen"
]
}
],
"cve": "CVE-2023-23914",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"discovery_date": "2023-02-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2167797"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: HSTS ignored on multiple requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a curl command line issue and does not affect libcurl.\nThere is no HSTS support in the versions of curl shipped in rhel-7 and rhel-8. Curl packages as shipped in rhel-9 do not support HSTS.\nUpstream has rated this as a Low Severity issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64"
],
"known_not_affected": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-23914"
},
{
"category": "external",
"summary": "RHBZ#2167797",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167797"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23914"
},
{
"category": "external",
"summary": "https://curl.se/docs/CVE-2023-23914.html",
"url": "https://curl.se/docs/CVE-2023-23914.html"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3354"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "curl: HSTS ignored on multiple requests"
},
{
"acknowledgments": [
{
"names": [
"Harry Sintonen"
]
}
],
"cve": "CVE-2023-23915",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"discovery_date": "2023-02-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2167813"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Curl package, where the HSTS mechanism could fail when multiple transfers are done in parallel, as the HSTS cache file gets overwritten by the most recently completed transfer. This issue may result in limited confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: HSTS amnesia with --parallel",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "There is no HSTS support in the versions of curl shipped in rhel-7 and rhel-8. Curl packages as shipped in rhel-9 do not support HSTS.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64"
],
"known_not_affected": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-23915"
},
{
"category": "external",
"summary": "RHBZ#2167813",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167813"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23915",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23915"
},
{
"category": "external",
"summary": "https://curl.se/docs/CVE-2023-23915.html",
"url": "https://curl.se/docs/CVE-2023-23915.html"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3354"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "curl: HSTS amnesia with --parallel"
},
{
"acknowledgments": [
{
"names": [
"Patrick Monnerat"
]
}
],
"cve": "CVE-2023-23916",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2167815"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: HTTP multi-header compression denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64"
],
"known_not_affected": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-23916"
},
{
"category": "external",
"summary": "RHBZ#2167815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167815"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23916",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23916"
},
{
"category": "external",
"summary": "https://curl.se/docs/CVE-2023-23916.html",
"url": "https://curl.se/docs/CVE-2023-23916.html"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3354"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "curl: HTTP multi-header compression denial of service"
},
{
"cve": "CVE-2023-25690",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2023-03-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2176209"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: HTTP request splitting with mod_rewrite and mod_proxy",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64"
],
"known_not_affected": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-25690"
},
{
"category": "external",
"summary": "RHBZ#2176209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176209"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-25690",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25690"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25690",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25690"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2023-03-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3354"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "httpd: HTTP request splitting with mod_rewrite and mod_proxy"
},
{
"acknowledgments": [
{
"names": [
"Daniel Stenberg",
"Harry Sintonen"
]
}
],
"cve": "CVE-2023-27533",
"cwe": {
"id": "CWE-75",
"name": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)"
},
"discovery_date": "2023-03-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2179062"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application\u0027s intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: TELNET option IAC injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While this vulnerability exists in Curl, the potential impact is to a different component. The overall impact is limited to the telnet component. On its own this flaw has a limited to negligible effect on integrity of the entire system, therefore it has been rated as having a Low security impact. This is in alignment with upstream\u2019s impact assessment, their advisory is linked in external references.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64"
],
"known_not_affected": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27533"
},
{
"category": "external",
"summary": "RHBZ#2179062",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179062"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27533",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27533"
},
{
"category": "external",
"summary": "https://curl.se/docs/CVE-2023-27533.html",
"url": "https://curl.se/docs/CVE-2023-27533.html"
}
],
"release_date": "2023-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3354"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "curl: TELNET option IAC injection"
},
{
"acknowledgments": [
{
"names": [
"Daniel Stenberg",
"Harry Sintonen"
]
}
],
"cve": "CVE-2023-27534",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2023-03-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2179069"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user\u0027s home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: SFTP path ~ resolving discrepancy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In a containerized environment running SELinux in enforcing mode, such as Red Hat OpenShift Container Platform, this vulnerability does not allow an attacker to escape the boundary of a container. In this case no additional access is gained, there is an additional (but more complicated step) to look at files the user already has access to.\n\nThe upstream project (Curl) also rated this CVE as Low, see link in External References.\n\nIt is unlikely that Red Hat offerings are utilizing the SFTP feature of Curl, so the opportunity to exploit it may not exist. For those reasons Red Hat Product Security rates the impact as Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64"
],
"known_not_affected": [
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el7jbcs.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-46.redhat_1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-101.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.51-39.el8jbcs.noarch",
"8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-23.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-46.redhat_1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-46.redhat_1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-20.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.18-2.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-24.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.51-39.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-18.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1k-14.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-33.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1k-14.el8jbcs.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27534"
},
{
"category": "external",
"summary": "RHBZ#2179069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179069"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27534",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27534"
},
{
"category": "external",
"summary": "https://curl.se/docs/CVE-2023-27534.html",
"url": "https://curl.se/docs/CVE-2023-27534.html"
}
],
"release_date": "2023-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3354"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.src",
"7Server-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el7jbcs.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el7jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.src",
"8Base-JBCS:jbcs-httpd24-curl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.0.1-1.el8jbcs.x86_64",
"8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.0.1-1.el8jbcs.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "curl: SFTP path ~ resolving discrepancy"
}
]
}
Loading...