Vulnerability-Lookup

RHSA-2023_4629

Vulnerability from csaf_redhat - Published: 2023-08-15 17:43 - Updated: 2024-11-22 23:46

Summary

Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update

Severity

Moderate

Notes

Topic: An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section. Security Fix(es): * apr-util: integer overflow/wraparound in apr_encode (CVE-2022-24963) * httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760) * httpd: mod_proxy: HTTP response splitting (CVE-2022-37436) * mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass (CVE-2022-48279) * modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass (CVE-2023-24021) * httpd: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522) * curl: use after free in SSH sha256 fingerprint check (CVE-2023-28319) * curl: IDN wildcard match may lead to Improper Cerificate Validation (CVE-2023-28321) * curl: more POST-after-PUT confusion (CVE-2023-28322) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2022-24963

A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64	—	Vendor Fix fix

Known not affected 97 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64		—

Threats

Impact Moderate

CVE-2022-36760

A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forwards requests.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 27 products

Product	Version	Remediation
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix

Known not affected 78 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64		—

Threats

Impact Moderate

CVE-2022-37436

A flaw was found in the mod_proxy module of httpd. A malicious backend can cause the response headers to be truncated because they are not cleaned when an error is found while reading them, resulting in some headers being incorporated into the response body and not being interpreted by a client.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

Affected products

Fixed 27 products

Product	Version	Remediation
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround

Known not affected 78 products

Product	Version	Remediation
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64	—	Workaround

Threats

Impact Moderate

CVE-2022-48279

A vulnerability was found in ModSecurity. This issue occurs when HTTP multipart requests are incorrectly parsed and could bypass the Web Application Firewall. NOTE: This is related to CVE-2022-39956, but can be considered independent changes to the ModSecurity (C language) codebase.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-1389 - Incorrect Parsing of Numbers with Different Radices

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64	—	Vendor Fix fix

Known not affected 99 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64		—

Threats

Impact Moderate

CVE-2023-24021

A vulnerability was found in ModSecurity. This issue occurs when FILES_TMP_CONTENT lacks complete content, which can lead to a Web Application Firewall bypass.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-402 - Transmission of Private Resources into a New Sphere ('Resource Leak')

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64	—	Vendor Fix fix

Known not affected 99 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64		—

Threats

Impact Moderate

CVE-2023-27522

An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via mod_proxy_uwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

Affected products

Fixed 27 products

Product	Version	Remediation
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64	—	Vendor Fix fix Workaround

Known not affected 78 products

Product	Version	Remediation
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64	—	Workaround
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64	—	Workaround
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64	—	Workaround

Threats

Impact Moderate

CVE-2023-28319

A use-after-free flaw was found in the Curl package. This flaw risks inserting sensitive heap-based data into the error message that users might see or is otherwise leaked and revealed.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-416 - Use After Free

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64	—	Vendor Fix fix

Known not affected 94 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64		—

Threats

Impact Moderate

CVE-2023-28321

A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-295 - Improper Certificate Validation

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64	—	Vendor Fix fix

Known not affected 94 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64		—

Threats

Impact Moderate

CVE-2023-28322

A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-440 - Expected Behavior Violation

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64	—	Vendor Fix fix

Known not affected 94 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64		—
Unresolved product id: 8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64		—

Threats

Impact Low

References

55 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:4629	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2161773	external
https://bugzilla.redhat.com/show_bug.cgi?id=2161777	external
https://bugzilla.redhat.com/show_bug.cgi?id=2163615	external
https://bugzilla.redhat.com/show_bug.cgi?id=2163622	external
https://bugzilla.redhat.com/show_bug.cgi?id=2169465	external
https://bugzilla.redhat.com/show_bug.cgi?id=2176211	external
https://bugzilla.redhat.com/show_bug.cgi?id=2196778	external
https://bugzilla.redhat.com/show_bug.cgi?id=2196786	external
https://bugzilla.redhat.com/show_bug.cgi?id=2196793	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2022-24963	self
https://bugzilla.redhat.com/show_bug.cgi?id=2169465	external
https://www.cve.org/CVERecord?id=CVE-2022-24963	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24963	external
https://lists.apache.org/thread/fw9p6sdncwsjkstwc…	external
https://access.redhat.com/security/cve/CVE-2022-36760	self
https://bugzilla.redhat.com/show_bug.cgi?id=2161777	external
https://www.cve.org/CVERecord?id=CVE-2022-36760	external
https://nvd.nist.gov/vuln/detail/CVE-2022-36760	external
https://httpd.apache.org/security/vulnerabilities…	external
https://access.redhat.com/security/cve/CVE-2022-37436	self
https://bugzilla.redhat.com/show_bug.cgi?id=2161773	external
https://www.cve.org/CVERecord?id=CVE-2022-37436	external
https://nvd.nist.gov/vuln/detail/CVE-2022-37436	external
https://httpd.apache.org/security/vulnerabilities…	external
https://access.redhat.com/security/cve/CVE-2022-48279	self
https://bugzilla.redhat.com/show_bug.cgi?id=2163622	external
https://www.cve.org/CVERecord?id=CVE-2022-48279	external
https://nvd.nist.gov/vuln/detail/CVE-2022-48279	external
https://access.redhat.com/security/cve/CVE-2023-24021	self
https://bugzilla.redhat.com/show_bug.cgi?id=2163615	external
https://www.cve.org/CVERecord?id=CVE-2023-24021	external
https://nvd.nist.gov/vuln/detail/CVE-2023-24021	external
https://access.redhat.com/security/cve/CVE-2023-27522	self
https://bugzilla.redhat.com/show_bug.cgi?id=2176211	external
https://www.cve.org/CVERecord?id=CVE-2023-27522	external
https://nvd.nist.gov/vuln/detail/CVE-2023-27522	external
https://httpd.apache.org/security/vulnerabilities…	external
https://access.redhat.com/security/cve/CVE-2023-28319	self
https://bugzilla.redhat.com/show_bug.cgi?id=2196778	external
https://www.cve.org/CVERecord?id=CVE-2023-28319	external
https://nvd.nist.gov/vuln/detail/CVE-2023-28319	external
https://curl.se/docs/CVE-2023-28319.html	external
https://access.redhat.com/security/cve/CVE-2023-28321	self
https://bugzilla.redhat.com/show_bug.cgi?id=2196786	external
https://www.cve.org/CVERecord?id=CVE-2023-28321	external
https://nvd.nist.gov/vuln/detail/CVE-2023-28321	external
https://curl.se/docs/CVE-2023-28321.html	external
https://access.redhat.com/security/cve/CVE-2023-28322	self
https://bugzilla.redhat.com/show_bug.cgi?id=2196793	external
https://www.cve.org/CVERecord?id=CVE-2023-28322	external
https://nvd.nist.gov/vuln/detail/CVE-2023-28322	external
https://curl.se/docs/CVE-2023-28322.html	external

Acknowledgments

Wei Chong Tan Daniel Stenberg

Hiroki Kurosawa Daniel Stenberg

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat JBoss Core Services.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.\n\nSecurity Fix(es):\n\n* apr-util: integer overflow/wraparound in apr_encode (CVE-2022-24963)\n\n* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760)\n\n* httpd: mod_proxy: HTTP response splitting (CVE-2022-37436)\n\n* mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass (CVE-2022-48279)\n\n* modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass (CVE-2023-24021)\n\n* httpd: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522)\n\n* curl: use after free in SSH sha256 fingerprint check (CVE-2023-28319)\n\n* curl: IDN wildcard match may lead to Improper Cerificate Validation (CVE-2023-28321)\n\n* curl: more POST-after-PUT confusion (CVE-2023-28322)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:4629",
        "url": "https://access.redhat.com/errata/RHSA-2023:4629"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2161773",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161773"
      },
      {
        "category": "external",
        "summary": "2161777",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161777"
      },
      {
        "category": "external",
        "summary": "2163615",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163615"
      },
      {
        "category": "external",
        "summary": "2163622",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163622"
      },
      {
        "category": "external",
        "summary": "2169465",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169465"
      },
      {
        "category": "external",
        "summary": "2176211",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176211"
      },
      {
        "category": "external",
        "summary": "2196778",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196778"
      },
      {
        "category": "external",
        "summary": "2196786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196786"
      },
      {
        "category": "external",
        "summary": "2196793",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196793"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4629.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update",
    "tracking": {
      "current_release_date": "2024-11-22T23:46:32+00:00",
      "generator": {
        "date": "2024-11-22T23:46:32+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2023:4629",
      "initial_release_date": "2023-08-15T17:43:48+00:00",
      "revision_history": [
        {
          "date": "2023-08-15T17:43:48+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-08-15T17:43:48+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T23:46:32+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Core Services on RHEL 7 Server",
                "product": {
                  "name": "Red Hat JBoss Core Services on RHEL 7 Server",
                  "product_id": "7Server-JBCS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_core_services:1::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Core Services on RHEL 8",
                "product": {
                  "name": "Red Hat JBoss Core Services on RHEL 8",
                  "product_id": "8Base-JBCS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_core_services:1::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Core Services"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
                  "product_id": "jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@8.2.1-1.el7jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src",
                  "product_id": "jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.7.0-8.el7jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src",
                  "product_id": "jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-102.el7jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
                  "product_id": "jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.57-5.el7jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src",
                  "product_id": "jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-28.el7jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src",
                  "product_id": "jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.48-51.redhat_1.el7jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src",
                  "product_id": "jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.0-25.el7jbcs?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src",
                  "product_id": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster@1.3.19-4.el7jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src",
                  "product_id": "jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.3-29.el7jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
                  "product_id": "jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@8.2.1-1.el8jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src",
                  "product_id": "jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.7.0-8.el8jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src",
                  "product_id": "jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-102.el8jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
                  "product_id": "jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.57-5.el8jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src",
                  "product_id": "jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-28.el8jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src",
                  "product_id": "jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.48-51.redhat_1.el8jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src",
                  "product_id": "jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.0-25.el8jbcs?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src",
                  "product_id": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster@1.3.19-4.el8jbcs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src",
                "product": {
                  "name": "jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src",
                  "product_id": "jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.3-29.el8jbcs?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@8.2.1-1.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@8.2.1-1.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@8.2.1-1.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@8.2.1-1.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.7.0-8.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.7.0-8.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.7.0-8.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-102.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-102.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-102.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-102.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-102.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-102.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-102.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-102.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-102.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-102.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.57-5.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.57-5.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.57-5.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.57-5.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.57-5.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.57-5.el7jbcs?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.57-5.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.57-5.el7jbcs?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.57-5.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-28.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2-debuginfo@1.15.19-28.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.48-51.redhat_1.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.48-51.redhat_1.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.0-25.el7jbcs?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md-debuginfo@2.4.0-25.el7jbcs?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster@1.3.19-4.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster-debuginfo@1.3.19-4.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.3-29.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.3-29.el7jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@8.2.1-1.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@8.2.1-1.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@8.2.1-1.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@8.2.1-1.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-debuginfo@8.2.1-1.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.7.0-8.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.7.0-8.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.7.0-8.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-102.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-102.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-102.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-102.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-102.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-102.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-102.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-102.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-102.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-102.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap-debuginfo@1.6.1-102.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql-debuginfo@1.6.1-102.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss-debuginfo@1.6.1-102.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc-debuginfo@1.6.1-102.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl-debuginfo@1.6.1-102.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql-debuginfo@1.6.1-102.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite-debuginfo@1.6.1-102.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.57-5.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.57-5.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.57-5.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.57-5.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.57-5.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.57-5.el8jbcs?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.57-5.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.57-5.el8jbcs?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.57-5.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools-debuginfo@2.4.57-5.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap-debuginfo@2.4.57-5.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html-debuginfo@2.4.57-5.el8jbcs?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session-debuginfo@2.4.57-5.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl-debuginfo@2.4.57-5.el8jbcs?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.19-28.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2-debuginfo@1.15.19-28.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.48-51.redhat_1.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24-debuginfo@1.2.48-51.redhat_1.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.0-25.el8jbcs?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md-debuginfo@2.4.0-25.el8jbcs?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster@1.3.19-4.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_cluster-debuginfo@1.3.19-4.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.3-29.el8jbcs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64",
                  "product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.3-29.el8jbcs?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
                "product": {
                  "name": "jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
                  "product_id": "jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.57-5.el7jbcs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
                "product": {
                  "name": "jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
                  "product_id": "jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.57-5.el8jbcs?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src"
        },
        "product_reference": "jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src"
        },
        "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src"
        },
        "product_reference": "jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src"
        },
        "product_reference": "jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch"
        },
        "product_reference": "jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src"
        },
        "product_reference": "jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src"
        },
        "product_reference": "jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src"
        },
        "product_reference": "jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src"
        },
        "product_reference": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src"
        },
        "product_reference": "jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src"
        },
        "product_reference": "jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src"
        },
        "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src"
        },
        "product_reference": "jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src"
        },
        "product_reference": "jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch"
        },
        "product_reference": "jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src"
        },
        "product_reference": "jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src"
        },
        "product_reference": "jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src"
        },
        "product_reference": "jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src"
        },
        "product_reference": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src"
        },
        "product_reference": "jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8",
          "product_id": "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
        "relates_to_product_reference": "8Base-JBCS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-24963",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2023-02-13T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2169465"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apr: integer overflow/wraparound in apr_encode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Versions of \"apr-util\" shipped with Red Hat Enterprise Linux-6, 7, 8, and 9 are not affected. \"apr_encode_*\" API, which contains the affected code was added in apr-utils v1.7.0, whereas, RHEL ships apr-util v1.6.1 and lower.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64"
        ],
        "known_not_affected": [
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
          "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24963"
        },
        {
          "category": "external",
          "summary": "RHBZ#2169465",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169465"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24963",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24963"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24963",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24963"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9",
          "url": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9"
        }
      ],
      "release_date": "2023-01-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-08-15T17:43:48+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4629"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apr: integer overflow/wraparound in apr_encode"
    },
    {
      "cve": "CVE-2022-36760",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2023-01-17T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2161777"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forwards requests.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_proxy_ajp: Possible request smuggling",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw only affects configurations with mod_proxy_ajp loaded and with an AJP backend configured. If there is no proxy configured to an AJP backend the server is not affected and no further mitigation is needed. For more information about the mitigation, check the mitigation section below.\n\nThe httpd mod_proxy_ajp module is enabled by default on Red Hat Enterprise Linux 6, 7, 8, 9, and in RHSCL. However, there are no directives forwarding requests using the AJP protocol.\n\nThis flaw has been rated as having a security impact of moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
          "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64"
        ],
        "known_not_affected": [
          "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-36760"
        },
        {
          "category": "external",
          "summary": "RHBZ#2161777",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161777"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-36760",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-36760"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-36760",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36760"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-36760",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-36760"
        }
      ],
      "release_date": "2023-01-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-08-15T17:43:48+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4629"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: mod_proxy_ajp: Possible request smuggling"
    },
    {
      "cve": "CVE-2022-37436",
      "cwe": {
        "id": "CWE-113",
        "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
      },
      "discovery_date": "2023-01-17T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2161773"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the mod_proxy module of httpd. A malicious backend can cause the response headers to be truncated because they are not cleaned when an error is found while reading them, resulting in some headers being incorporated into the response body and not being interpreted by a client.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_proxy: HTTP response splitting",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw is only exploitable via bad headers generated by a malicious backend or a malicious application.\n\nhttpd as shipped in Red Hat Enterprise Linux 7, 8, 9 and in RHSCL is vulnerable to this flaw. httpd as shipped in Red Hat Enterprise Linux 6 is not affected.\n\nThis flaw has been rated as having a security impact of moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
          "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64"
        ],
        "known_not_affected": [
          "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-37436"
        },
        {
          "category": "external",
          "summary": "RHBZ#2161773",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161773"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37436",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-37436"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37436",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37436"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-37436",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-37436"
        }
      ],
      "release_date": "2023-01-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-08-15T17:43:48+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4629"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. It\u0027s recommended to update the affected packages as soon as an update is available.",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: mod_proxy: HTTP response splitting"
    },
    {
      "cve": "CVE-2022-48279",
      "cwe": {
        "id": "CWE-1389",
        "name": "Incorrect Parsing of Numbers with Different Radices"
      },
      "discovery_date": "2023-01-24T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2163622"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in ModSecurity. This issue occurs when HTTP multipart requests are incorrectly parsed and could bypass the Web Application Firewall. NOTE: This is related to CVE-2022-39956, but can be considered independent changes to the ModSecurity (C language) codebase.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64"
        ],
        "known_not_affected": [
          "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
          "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-48279"
        },
        {
          "category": "external",
          "summary": "RHBZ#2163622",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163622"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-48279",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-48279"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-48279",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48279"
        }
      ],
      "release_date": "2023-01-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-08-15T17:43:48+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4629"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass"
    },
    {
      "cve": "CVE-2023-24021",
      "cwe": {
        "id": "CWE-402",
        "name": "Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)"
      },
      "discovery_date": "2023-01-24T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2163615"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in ModSecurity. This issue occurs when FILES_TMP_CONTENT lacks complete content, which can lead to a Web Application Firewall bypass.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64"
        ],
        "known_not_affected": [
          "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
          "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-24021"
        },
        {
          "category": "external",
          "summary": "RHBZ#2163615",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163615"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24021",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-24021"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24021",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24021"
        }
      ],
      "release_date": "2023-01-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-08-15T17:43:48+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4629"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass"
    },
    {
      "cve": "CVE-2023-27522",
      "cwe": {
        "id": "CWE-113",
        "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
      },
      "discovery_date": "2023-03-07T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2176211"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via mod_proxy_uwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_proxy_uwsgi HTTP response splitting",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi has been categorized as moderate severity for Red Hat Enterprise Linux due to several technical factors. While the potential impact of this vulnerability is significant, its exploitation requires specific conditions, including the presence of mod_proxy_uwsgi and the ability to inject specially crafted headers into requests. Additionally, successful exploitation depends on the specific configuration of the server and the network environment. Furthermore, the vulnerability primarily affects the integrity and reliability of HTTP responses, rather than directly leading to remote code execution or unauthorized access. Therefore, the likelihood of exploitation and the potential impact on affected systems have been evaluated as moderate, warranting attention and remediation but not categorized as important.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
          "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64"
        ],
        "known_not_affected": [
          "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-27522"
        },
        {
          "category": "external",
          "summary": "RHBZ#2176211",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176211"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27522",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-27522"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27522",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27522"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "release_date": "2023-03-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-08-15T17:43:48+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4629"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: mod_proxy_uwsgi HTTP response splitting"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Wei Chong Tan",
            "Daniel Stenberg"
          ]
        }
      ],
      "cve": "CVE-2023-28319",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2023-05-10T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2196778"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free flaw was found in the Curl package. This flaw risks inserting sensitive heap-based data into the error message that users might see or is otherwise leaked and revealed.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "curl: use after free in SSH sha256 fingerprint check",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability does not affect the Curl package as shipped in Red Hat Enterprise Linux 6, 7, 8 and 9.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64"
        ],
        "known_not_affected": [
          "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
          "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-28319"
        },
        {
          "category": "external",
          "summary": "RHBZ#2196778",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196778"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-28319",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28319",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28319"
        },
        {
          "category": "external",
          "summary": "https://curl.se/docs/CVE-2023-28319.html",
          "url": "https://curl.se/docs/CVE-2023-28319.html"
        }
      ],
      "release_date": "2023-05-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-08-15T17:43:48+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4629"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "curl: use after free in SSH sha256 fingerprint check"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Hiroki Kurosawa",
            "Daniel Stenberg"
          ]
        }
      ],
      "cve": "CVE-2023-28321",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "discovery_date": "2023-05-10T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2196786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "curl: IDN wildcard match may lead to Improper Cerificate Validation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64"
        ],
        "known_not_affected": [
          "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
          "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-28321"
        },
        {
          "category": "external",
          "summary": "RHBZ#2196786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-28321",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28321",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28321"
        },
        {
          "category": "external",
          "summary": "https://curl.se/docs/CVE-2023-28321.html",
          "url": "https://curl.se/docs/CVE-2023-28321.html"
        }
      ],
      "release_date": "2023-05-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-08-15T17:43:48+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4629"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "curl: IDN wildcard match may lead to Improper Cerificate Validation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Hiroki Kurosawa",
            "Daniel Stenberg"
          ]
        }
      ],
      "cve": "CVE-2023-28322",
      "cwe": {
        "id": "CWE-440",
        "name": "Expected Behavior Violation"
      },
      "discovery_date": "2023-05-10T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
            "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2196793"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "curl: more POST-after-PUT confusion",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64"
        ],
        "known_not_affected": [
          "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el7jbcs.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-51.redhat_1.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el7jbcs.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el7jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-apr-0:1.7.0-8.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.7.0-8.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.7.0-8.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-102.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.57-5.el8jbcs.noarch",
          "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.19-28.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.19-28.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-51.redhat_1.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-51.redhat_1.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_md-1:2.4.0-25.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.4.0-25.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-0:1.3.19-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_cluster-debuginfo-0:1.3.19-4.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.src",
          "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.3-29.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.3-29.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.57-5.el8jbcs.x86_64",
          "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.57-5.el8jbcs.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-28322"
        },
        {
          "category": "external",
          "summary": "RHBZ#2196793",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196793"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-28322",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28322",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28322"
        },
        {
          "category": "external",
          "summary": "https://curl.se/docs/CVE-2023-28322.html",
          "url": "https://curl.se/docs/CVE-2023-28322.html"
        }
      ],
      "release_date": "2023-05-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-08-15T17:43:48+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4629"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el7jbcs.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el7jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.src",
            "8Base-JBCS:jbcs-httpd24-curl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:8.2.1-1.el8jbcs.x86_64",
            "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:8.2.1-1.el8jbcs.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "curl: more POST-after-PUT confusion"
    }
  ]
}

CVE-2023-27522 (GCVE-0-2023-27522)

Vulnerability from cvelistv5 – Published: 2023-03-07 15:09 – Updated: 2025-02-13 16:45

Title

Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting

Summary

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.

Severity ?

No CVSS data available.

CWE

CWE-444 - Inconsistent Interpretation of HTTP Responses ('HTTP Response Smuggling')

Assigner

apache

References

3 references

URL	Tags
https://httpd.apache.org/security/vulnerabilities…	vendor-advisory
https://lists.debian.org/debian-lts-announce/2023…
https://security.gentoo.org/glsa/202309-01

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache HTTP Server	Affected: 2.4.30 , ≤ 2.4.55 (semver)

Credits

Dimas Fariski Setyawan Putra (nyxsorcerer)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:16:35.628Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202309-01"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "http_server",
            "vendor": "apache",
            "versions": [
              {
                "lessThanOrEqual": "2.4.55",
                "status": "affected",
                "version": "2.4.30",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-27522",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T16:41:55.138882Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-23T16:42:56.205Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.4.55",
              "status": "affected",
              "version": "2.4.30",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dimas Fariski Setyawan Putra (nyxsorcerer)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eHTTP Response Smuggling vulnerability in Apache HTTP Server via mod_\u003ccode\u003eproxy_uwsgi\u003c/code\u003e. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.\u003c/div\u003e\u003cdiv\u003eSpecial characters in the origin response header can truncate/split the response forwarded to the client.\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.\n\nSpecial characters in the origin response header can truncate/split the response forwarded to the client."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444 Inconsistent Interpretation of HTTP Responses (\u0027HTTP Response Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-08T21:06:20.401Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html"
        },
        {
          "url": "https://security.gentoo.org/glsa/202309-01"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2023-01-29T06:42:00.000Z",
          "value": "Reported to security team"
        }
      ],
      "title": "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-27522",
    "datePublished": "2023-03-07T15:09:30.122Z",
    "dateReserved": "2023-03-02T12:24:47.536Z",
    "dateUpdated": "2025-02-13T16:45:26.302Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-24963 (GCVE-0-2022-24963)

Vulnerability from cvelistv5 – Published: 2023-01-31 15:52 – Updated: 2025-03-27 14:33

Title

Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions

Summary

Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0.

Severity ?

No CVSS data available.

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

apache

References

2 references

URL	Tags
https://lists.apache.org/thread/fw9p6sdncwsjkstwc…	vendor-advisory
https://security.netapp.com/advisory/ntap-2023090…

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache Portable Runtime (APR)	Affected: 1.7.0

Credits

Ronald Crane (Zippenhop LLC)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:29:01.595Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230908-0008/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-24963",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-27T14:33:34.281533Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-27T14:33:39.826Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Portable Runtime (APR)",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "1.7.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ronald Crane (Zippenhop LLC)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer.\u003cbr\u003eThis issue affects Apache Portable Runtime (APR) version 1.7.0."
            }
          ],
          "value": "Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer.\nThis issue affects Apache Portable Runtime (APR) version 1.7.0."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-08T16:06:38.212Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230908-0008/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2022-24963",
    "datePublished": "2023-01-31T15:52:09.716Z",
    "dateReserved": "2022-02-11T12:49:56.769Z",
    "dateUpdated": "2025-03-27T14:33:39.826Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-24021 (GCVE-0-2023-24021)

Vulnerability from cvelistv5 – Published: 2023-01-20 00:00 – Updated: 2025-04-02 16:18

Summary

Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

Assigner

mitre

References

7 references

URL	Tags
https://github.com/SpiderLabs/ModSecurity/release…
https://github.com/SpiderLabs/ModSecurity/pull/2857
https://github.com/SpiderLabs/ModSecurity/pull/28…
https://lists.debian.org/debian-lts-announce/2023…	mailing-list
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:49:08.810Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/SpiderLabs/ModSecurity/pull/2857"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/SpiderLabs/ModSecurity/pull/2857/commits/4324f0ac59f8225aa44bc5034df60dbeccd1d334"
          },
          {
            "name": "[debian-lts-announce] 20230126 [SECURITY] [DLA 3283-1] modsecurity-apache security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html"
          },
          {
            "name": "FEDORA-2023-8aa264d5c5",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL/"
          },
          {
            "name": "FEDORA-2023-09f0496e60",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ/"
          },
          {
            "name": "FEDORA-2023-bc61f7a145",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-24021",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-02T16:17:41.632356Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-170",
                "description": "CWE-170 Improper Null Termination",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-02T16:18:27.850Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect handling of \u0027\\0\u0027 bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-22T02:06:14.171Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.7"
        },
        {
          "url": "https://github.com/SpiderLabs/ModSecurity/pull/2857"
        },
        {
          "url": "https://github.com/SpiderLabs/ModSecurity/pull/2857/commits/4324f0ac59f8225aa44bc5034df60dbeccd1d334"
        },
        {
          "name": "[debian-lts-announce] 20230126 [SECURITY] [DLA 3283-1] modsecurity-apache security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html"
        },
        {
          "name": "FEDORA-2023-8aa264d5c5",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL/"
        },
        {
          "name": "FEDORA-2023-09f0496e60",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ/"
        },
        {
          "name": "FEDORA-2023-bc61f7a145",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-24021",
    "datePublished": "2023-01-20T00:00:00.000Z",
    "dateReserved": "2023-01-20T00:00:00.000Z",
    "dateUpdated": "2025-04-02T16:18:27.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-28322 (GCVE-0-2023-28322)

Vulnerability from cvelistv5 – Published: 2023-05-26 00:00 – Updated: 2026-02-13 19:43

Summary

An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-200 - Information Disclosure (CWE-200)

Assigner

hackerone

References

12 references

URL	Tags
https://hackerone.com/reports/1954658
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://security.netapp.com/advisory/ntap-2023060…
https://support.apple.com/kb/HT213843
https://support.apple.com/kb/HT213844
https://support.apple.com/kb/HT213845
http://seclists.org/fulldisclosure/2023/Jul/52	mailing-list
http://seclists.org/fulldisclosure/2023/Jul/48	mailing-list
http://seclists.org/fulldisclosure/2023/Jul/47	mailing-list
https://security.gentoo.org/glsa/202310-12	vendor-advisory
https://lists.debian.org/debian-lts-announce/2023…	mailing-list

Impacted products

1 product

Vendor	Product	Version
n/a	https://github.com/curl/curl	Affected: Fixed in 8.1.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:38:25.091Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1954658"
          },
          {
            "name": "FEDORA-2023-37eac50e9b",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/"
          },
          {
            "name": "FEDORA-2023-8ed627bb04",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230609-0009/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213843"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213844"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213845"
          },
          {
            "name": "20230725 APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Jul/52"
          },
          {
            "name": "20230725 APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Jul/48"
          },
          {
            "name": "20230725 APPLE-SA-2023-07-24-4 macOS Ventura 13.5",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Jul/47"
          },
          {
            "name": "GLSA-202310-12",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202310-12"
          },
          {
            "name": "[debian-lts-announce] 20231222 [SECURITY] [DLA 3692-1] curl security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-28322",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-13T19:43:16.334601Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-13T19:43:18.938Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "https://github.com/curl/curl",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in 8.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An information disclosure vulnerability exists in curl \u003cv8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Information Disclosure (CWE-200)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-22T16:06:14.746Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://hackerone.com/reports/1954658"
        },
        {
          "name": "FEDORA-2023-37eac50e9b",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/"
        },
        {
          "name": "FEDORA-2023-8ed627bb04",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230609-0009/"
        },
        {
          "url": "https://support.apple.com/kb/HT213843"
        },
        {
          "url": "https://support.apple.com/kb/HT213844"
        },
        {
          "url": "https://support.apple.com/kb/HT213845"
        },
        {
          "name": "20230725 APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2023/Jul/52"
        },
        {
          "name": "20230725 APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2023/Jul/48"
        },
        {
          "name": "20230725 APPLE-SA-2023-07-24-4 macOS Ventura 13.5",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2023/Jul/47"
        },
        {
          "name": "GLSA-202310-12",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202310-12"
        },
        {
          "name": "[debian-lts-announce] 20231222 [SECURITY] [DLA 3692-1] curl security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-28322",
    "datePublished": "2023-05-26T00:00:00.000Z",
    "dateReserved": "2023-03-14T00:00:00.000Z",
    "dateUpdated": "2026-02-13T19:43:18.938Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-37436 (GCVE-0-2022-37436)

Vulnerability from cvelistv5 – Published: 2023-01-17 19:12 – Updated: 2025-04-04 18:06

Title

Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting

Summary

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.

Severity ?

No CVSS data available.

CWE

CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers

Assigner

apache

References

2 references

URL	Tags
https://httpd.apache.org/security/vulnerabilities…	vendor-advisory
https://security.gentoo.org/glsa/202309-01

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache HTTP Server	Affected: 0 , < 2.4.55 (semver)

Credits

Dimas Fariski Setyawan Putra (@nyxsorcerer)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:29:20.979Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202309-01"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-37436",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-04T18:06:04.365341Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-113",
                "description": "CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-04T18:06:37.763Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.4.55",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dimas Fariski Setyawan Putra (@nyxsorcerer)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client."
            }
          ],
          "value": "Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-113",
              "description": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-08T21:06:23.773Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        },
        {
          "url": "https://security.gentoo.org/glsa/202309-01"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2022-07-14T06:22:00.000Z",
          "value": "Reported to security team"
        }
      ],
      "title": "Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2022-37436",
    "datePublished": "2023-01-17T19:12:59.968Z",
    "dateReserved": "2022-08-05T12:37:59.731Z",
    "dateUpdated": "2025-04-04T18:06:37.763Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-28319 (GCVE-0-2023-28319)

Vulnerability from cvelistv5 – Published: 2023-05-26 00:00 – Updated: 2025-01-15 16:00

Summary

A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-416 - Use After Free (CWE-416)

Assigner

hackerone

References

9 references

URL	Tags
https://hackerone.com/reports/1913733
https://security.netapp.com/advisory/ntap-2023060…
https://support.apple.com/kb/HT213843
https://support.apple.com/kb/HT213844
https://support.apple.com/kb/HT213845
http://seclists.org/fulldisclosure/2023/Jul/52	mailing-list
http://seclists.org/fulldisclosure/2023/Jul/48	mailing-list
http://seclists.org/fulldisclosure/2023/Jul/47	mailing-list
https://security.gentoo.org/glsa/202310-12	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
n/a	https://github.com/curl/curl	Affected: Fixed in 8.1.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:38:24.827Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1913733"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230609-0009/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213843"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213844"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213845"
          },
          {
            "name": "20230725 APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Jul/52"
          },
          {
            "name": "20230725 APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Jul/48"
          },
          {
            "name": "20230725 APPLE-SA-2023-07-24-4 macOS Ventura 13.5",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Jul/47"
          },
          {
            "name": "GLSA-202310-12",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202310-12"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-28319",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-15T15:59:44.698453Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-15T16:00:16.843Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "https://github.com/curl/curl",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in 8.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use after free vulnerability exists in curl \u003cv8.1.0 in the way libcurl offers a feature to verify an SSH server\u0027s public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use After Free (CWE-416)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-11T10:06:29.880Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://hackerone.com/reports/1913733"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230609-0009/"
        },
        {
          "url": "https://support.apple.com/kb/HT213843"
        },
        {
          "url": "https://support.apple.com/kb/HT213844"
        },
        {
          "url": "https://support.apple.com/kb/HT213845"
        },
        {
          "name": "20230725 APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2023/Jul/52"
        },
        {
          "name": "20230725 APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2023/Jul/48"
        },
        {
          "name": "20230725 APPLE-SA-2023-07-24-4 macOS Ventura 13.5",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2023/Jul/47"
        },
        {
          "name": "GLSA-202310-12",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202310-12"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-28319",
    "datePublished": "2023-05-26T00:00:00.000Z",
    "dateReserved": "2023-03-14T00:00:00.000Z",
    "dateUpdated": "2025-01-15T16:00:16.843Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-36760 (GCVE-0-2022-36760)

Vulnerability from cvelistv5 – Published: 2023-01-17 19:11 – Updated: 2025-04-04 18:08

Title

Apache HTTP Server: mod_proxy_ajp Possible request smuggling

Summary

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.

Severity ?

No CVSS data available.

CWE

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Assigner

apache

References

2 references

URL	Tags
https://httpd.apache.org/security/vulnerabilities…	vendor-advisory
https://security.gentoo.org/glsa/202309-01

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache HTTP Server	Affected: 2.4 , ≤ 2.4.54 (semver)

Credits

ZeddYu_Lu from Qi'anxin Research Institute of Legendsec at Qi'anxin Group

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:14:28.094Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202309-01"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-36760",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-04T18:07:18.055286Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-444",
                "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-04T18:08:02.696Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.4.54",
              "status": "affected",
              "version": "2.4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "ZeddYu_Lu from Qi\u0027anxin Research Institute of Legendsec at Qi\u0027anxin Group"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027) vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.  This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions."
            }
          ],
          "value": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027) vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.  This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-08T21:06:22.161Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        },
        {
          "url": "https://security.gentoo.org/glsa/202309-01"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2022-07-12T11:00:00.000Z",
          "value": "Reported to security team"
        }
      ],
      "title": "Apache HTTP Server: mod_proxy_ajp Possible request smuggling",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2022-36760",
    "datePublished": "2023-01-17T19:11:55.106Z",
    "dateReserved": "2022-07-25T12:18:16.655Z",
    "dateUpdated": "2025-04-04T18:08:02.696Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-48279 (GCVE-0-2022-48279)

Vulnerability from cvelistv5 – Published: 2023-01-20 00:00 – Updated: 2025-04-03 18:43

Summary

In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

Assigner

mitre

References

9 references

URL	Tags
https://github.com/SpiderLabs/ModSecurity/release…
https://github.com/SpiderLabs/ModSecurity/pull/2797
https://github.com/SpiderLabs/ModSecurity/release…
https://github.com/SpiderLabs/ModSecurity/pull/2795
https://coreruleset.org/20220919/crs-version-3-3-…
https://lists.debian.org/debian-lts-announce/2023…	mailing-list
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:10:59.557Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/SpiderLabs/ModSecurity/pull/2797"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/SpiderLabs/ModSecurity/pull/2795"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/"
          },
          {
            "name": "[debian-lts-announce] 20230126 [SECURITY] [DLA 3283-1] modsecurity-apache security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html"
          },
          {
            "name": "FEDORA-2023-8aa264d5c5",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL/"
          },
          {
            "name": "FEDORA-2023-09f0496e60",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ/"
          },
          {
            "name": "FEDORA-2023-bc61f7a145",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-48279",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-03T18:41:41.279763Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-436",
                "description": "CWE-436 Interpretation Conflict",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-03T18:43:26.152Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-22T02:06:15.629Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.6"
        },
        {
          "url": "https://github.com/SpiderLabs/ModSecurity/pull/2797"
        },
        {
          "url": "https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8"
        },
        {
          "url": "https://github.com/SpiderLabs/ModSecurity/pull/2795"
        },
        {
          "url": "https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/"
        },
        {
          "name": "[debian-lts-announce] 20230126 [SECURITY] [DLA 3283-1] modsecurity-apache security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html"
        },
        {
          "name": "FEDORA-2023-8aa264d5c5",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL/"
        },
        {
          "name": "FEDORA-2023-09f0496e60",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ/"
        },
        {
          "name": "FEDORA-2023-bc61f7a145",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-48279",
    "datePublished": "2023-01-20T00:00:00.000Z",
    "dateReserved": "2023-01-20T00:00:00.000Z",
    "dateUpdated": "2025-04-03T18:43:26.152Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-28321 (GCVE-0-2023-28321)

Vulnerability from cvelistv5 – Published: 2023-05-26 00:00 – Updated: 2025-01-15 15:54

Summary

An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.

Severity ?

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-295 - Improper Certificate Validation (CWE-295)

Assigner

hackerone

References

12 references

URL	Tags
https://hackerone.com/reports/1950627
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://security.netapp.com/advisory/ntap-2023060…
https://support.apple.com/kb/HT213843
https://support.apple.com/kb/HT213844
https://support.apple.com/kb/HT213845
http://seclists.org/fulldisclosure/2023/Jul/52	mailing-list
http://seclists.org/fulldisclosure/2023/Jul/48	mailing-list
http://seclists.org/fulldisclosure/2023/Jul/47	mailing-list
https://security.gentoo.org/glsa/202310-12	vendor-advisory
https://lists.debian.org/debian-lts-announce/2023…	mailing-list

Impacted products

1 product

Vendor	Product	Version
n/a	https://github.com/curl/curl	Affected: Fixed in 8.1.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:38:24.939Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1950627"
          },
          {
            "name": "FEDORA-2023-37eac50e9b",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/"
          },
          {
            "name": "FEDORA-2023-8ed627bb04",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230609-0009/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213843"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213844"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213845"
          },
          {
            "name": "20230725 APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Jul/52"
          },
          {
            "name": "20230725 APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Jul/48"
          },
          {
            "name": "20230725 APPLE-SA-2023-07-24-4 macOS Ventura 13.5",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Jul/47"
          },
          {
            "name": "GLSA-202310-12",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202310-12"
          },
          {
            "name": "[debian-lts-announce] 20231011 [SECURITY] [DLA 3613-1] curl security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.9,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-28321",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-15T15:54:13.258889Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-15T15:54:33.745Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "https://github.com/curl/curl",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in 8.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper certificate validation vulnerability exists in curl \u003cv8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "Improper Certificate Validation (CWE-295)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-11T14:06:17.325Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://hackerone.com/reports/1950627"
        },
        {
          "name": "FEDORA-2023-37eac50e9b",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/"
        },
        {
          "name": "FEDORA-2023-8ed627bb04",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230609-0009/"
        },
        {
          "url": "https://support.apple.com/kb/HT213843"
        },
        {
          "url": "https://support.apple.com/kb/HT213844"
        },
        {
          "url": "https://support.apple.com/kb/HT213845"
        },
        {
          "name": "20230725 APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2023/Jul/52"
        },
        {
          "name": "20230725 APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2023/Jul/48"
        },
        {
          "name": "20230725 APPLE-SA-2023-07-24-4 macOS Ventura 13.5",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2023/Jul/47"
        },
        {
          "name": "GLSA-202310-12",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202310-12"
        },
        {
          "name": "[debian-lts-announce] 20231011 [SECURITY] [DLA 3613-1] curl security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-28321",
    "datePublished": "2023-05-26T00:00:00.000Z",
    "dateReserved": "2023-03-14T00:00:00.000Z",
    "dateUpdated": "2025-01-15T15:54:33.745Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2023_4629

CVE-2023-27522 (GCVE-0-2023-27522)

CVE-2022-24963 (GCVE-0-2022-24963)

CVE-2023-24021 (GCVE-0-2023-24021)

CVE-2023-28322 (GCVE-0-2023-28322)

CVE-2022-37436 (GCVE-0-2022-37436)

CVE-2023-28319 (GCVE-0-2023-28319)

CVE-2022-36760 (GCVE-0-2022-36760)

CVE-2022-48279 (GCVE-0-2022-48279)

CVE-2023-28321 (GCVE-0-2023-28321)

Tags

Sightings

Nomenclature