Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rosalinuxROSA LABROSA-SA-2023-2155
HistoryApr 18, 2023 - 12:09 p.m.

Advisory ROSA-SA-2023-2155

2023-04-1812:09:43
ROSA LAB
abf.rosalinux.ru
24
mod_http2
rosa virtualization
http/2
apache http server
denial of service
server misconfiguration
http request smuggling
ssrf attack
yum update.

0.307 Low

EPSS

Percentile

97.0%

JSON

Software: mod_http2 1.15.7
OS: ROSA Virtualization 2.1

package_evr_string: 1.15.7

CVE-ID: CVE-2020-11993
BDU-ID: 2021-00779
CVE-Crit: MEDIUM
CVE-DESC: A vulnerability in the Apache HTTP Server’s implementation of the HTTP/2 web server mechanism is related to inconsistent interpretation of http requests. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service or lead to server misconfiguration
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update mod_http2 command

CVE-ID: CVE-2021-33193
BDU-ID: 2021-04216
CVE-Crit: MEDIUM
CVE-DESC: A vulnerability in the mod_proxy module of the mod_proxy httpd daemon of the Apache HTTP Server web server is related to flaws in HTTP request handling. Exploitation of the vulnerability could allow an attacker acting remotely to send a hidden HTTP request (HTTP Request Smuggling attack).
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update mod_http2 command.

CVE-ID: CVE-2021-44224
BDU-ID: 2021-06393
CVE-Crit: HIGH
CVE-DESC: A vulnerability in the Apache HTTP server is related to server-side request forgery. Exploitation of the vulnerability could allow an attacker acting remotely to conduct an SSRF attack by sending a specially crafted HTTP request
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update mod_http2 command.

CVE-ID: CVE-2023-25690
BDU-ID: 2023-01738
CVE-Crit: CRITICAL
CVE-DESC: A vulnerability in the mod_proxy module of the Apache HTTP Server web server is related to flaws in the handling of the Transfer-Encoding header. Exploitation of the vulnerability could allow an attacker acting remotely to send a stealthy HTTP request (HTTP Request Smuggling attack)
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update mod_http2 command.

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchmod_http2< 1.15.7UNKNOWN

Related

ibm 20
redhat 11
nessus 47
oraclelinux 5
rocky 5
osv 16
almalinux 3
cvelist 4
openvas 25
veracode 4
cbl_mariner 7
redhatcve 4
prion 4
alpinelinux 4
cve 4
zdt 2
debiancve 4
ubuntucve 4
httpd 3
photon 3
f5 3
hackerone 1
checkpoint_advisories 1
cnvd 1
ubuntu 2
githubexploit 2
packetstorm 1
fedora 3
amazon 1
redos 1
cisa 1
slackware 1
debian 1
altlinux 1
ibm
ibm
Security Bulletin: Vulnerabilities in Apache HTTP (CVE-2021-33193 and CVE-2021-44224) affects Power HMC
2022-12-04 00:13:21
Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-44224)
2022-01-17 18:32:06
Security Bulletin: IBM HTTP Server (powered by Apache) for i is vulnerable to CVE-2021-44224
2022-02-28 23:45:49
redhat
redhat
(RHSA-2022:1915) Moderate: httpd:2.4 security and bug fix update
2022-05-10 08:07:40
(RHSA-2023:1670) Important: httpd and mod_http2 security update
2023-04-06 14:39:22
(RHSA-2023:1916) Important: httpd and mod_http2 security update
2023-04-20 13:36:11
nessus
nessus
AlmaLinux 8 : httpd:2.4 (ALSA-2022:1915)
2022-05-12 00:00:00
Oracle Linux 8 : httpd:2.4 (ELSA-2022-1915)
2022-05-18 00:00:00
Rocky Linux 8 : httpd:2.4 (RLSA-2022:1915)
2023-11-06 00:00:00
oraclelinux
oraclelinux
httpd:2.4 security and bug fix update
2022-05-17 00:00:00
httpd:2.4 security update
2022-04-13 00:00:00
httpd security update
2023-04-05 00:00:00
rocky
rocky
httpd:2.4 security and bug fix update
2022-05-10 08:07:40
httpd bug fix update
2023-05-25 19:53:09
httpd:2.4 security update
2023-04-12 01:40:50
osv
osv
Moderate: httpd:2.4 security and bug fix update
2022-05-10 08:07:40
Moderate: httpd:2.4 security and bug fix update
2022-05-10 08:07:40
CVE-2021-33193
2021-08-16 08:15:11
almalinux
almalinux
Moderate: httpd:2.4 security and bug fix update
2022-05-10 08:07:40
Important: httpd and mod_http2 security update
2023-04-06 00:00:00
Important: httpd:2.4 security update
2023-04-06 00:00:00
cvelist
cvelist
CVE-2021-33193 Request splitting via HTTP/2 method injection and mod_proxy
2021-08-16 00:00:00
CVE-2020-11993
2020-08-07 15:32:55
CVE-2021-44224 Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier
2021-12-20 11:20:13
openvas
openvas
Apache HTTP Server 2.4.17 < 2.4.49 'mod_proxy' HTTP/2 Request Smuggling Vulnerability - Linux
2021-08-09 00:00:00
openSUSE: Security Advisory for apache2 (openSUSE-SU-2021:1234-1)
2021-09-08 00:00:00
openSUSE: Security Advisory for apache2 (openSUSE-SU-2021:2954-1)
2021-09-04 00:00:00
veracode
veracode
Privilege Escalation
2021-08-13 01:56:49
Denial Of Service (DoS)
2020-08-11 03:25:00
Denial Of Service (DoS)
2021-12-21 08:11:59
cbl_mariner
cbl_mariner
CVE-2021-33193 affecting package httpd for versions less than 2.4.52-1
2022-04-09 06:51:57
CVE-2020-11993 affecting package httpd 2.4.43-
2021-07-08 21:56:40
CVE-2021-33193 affecting package httpd 2.4.46-6
2021-09-09 15:02:57
redhatcve
redhatcve
CVE-2020-11993
2020-08-11 20:13:36
CVE-2021-33193
2021-08-12 02:03:43
CVE-2021-44224
2021-12-21 17:04:16
prion
prion
Information disclosure
2020-08-07 16:15:00
Input validation
2021-08-16 08:15:00
Design/Logic Flaw
2021-12-20 12:15:00
alpinelinux
alpinelinux
CVE-2020-11993
2020-08-07 16:15:11
CVE-2021-33193
2021-08-16 08:15:11
CVE-2021-44224
2021-12-20 12:15:00
cve
cve
CVE-2020-11993
2020-08-07 16:15:11
CVE-2021-33193
2021-08-16 08:15:11
CVE-2021-44224
2021-12-20 12:15:07
zdt
zdt
Apache 2 HTTP2 Module Concurrent Pool Usage Vulnerability
2020-12-08 00:00:00
Apache 2.4.55 mod_proxy HTTP Request Smuggling Exploit
2024-01-02 00:00:00
debiancve
debiancve
CVE-2020-11993
2020-08-07 16:15:11
CVE-2021-33193
2021-08-16 08:15:00
CVE-2023-25690
2023-03-07 16:15:09
ubuntucve
ubuntucve
CVE-2020-11993
2020-08-07 00:00:00
CVE-2021-33193
2021-08-16 00:00:00
CVE-2021-44224
2021-12-20 00:00:00
httpd
httpd
Apache Httpd < 2.4.44 : Push Diary Crash on Specifically Crafted HTTP/2 Header
2020-06-16 00:00:00
Apache Httpd < 2.4.49 : Request splitting via HTTP/2 method injection and mod_proxy
2021-05-11 00:00:00
Apache Httpd < 2.4.52 : Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier
2021-12-20 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2021-0305
2021-09-24 00:00:00
Important Photon OS Security Update - PHSA-2021-3.0-0305
2021-09-24 00:00:00
Critical Photon OS Security Update - PHSA-2020-0125
2020-08-12 00:00:00
f5
f5
K94828628 : Apache mod_proxy HTTP/2 vulnerability CVE-2021-33193
2021-09-13 00:00:00
K16090693 : Apache HTTP server vulnerability CVE-2021-44224
2021-12-27 00:00:00
K000133098 : Apache vulnerability CVE-2023-25690
2023-03-22 00:00:00
hackerone
hackerone
Internet Bug Bounty: Request line injection via HTTP/2 in Apache mod_proxy
2021-11-04 13:39:46
checkpoint_advisories
checkpoint_advisories
Apache httpd mod_proxy NULL Pointer Dereference (CVE-2021-44224)
2022-11-21 00:00:00
cnvd
cnvd
Apache HTTP Server code issue vulnerability
2021-12-24 00:00:00
ubuntu
ubuntu
Apache HTTP Server vulnerability
2023-03-22 00:00:00
Apache HTTP Server vulnerabilities
2022-01-10 00:00:00
githubexploit
githubexploit
Exploit for HTTP Request Smuggling in Apache Http Server
2023-05-22 03:06:31
Exploit for HTTP Request Smuggling in Apache Http Server
2023-12-04 16:58:53
packetstorm
packetstorm
Apache 2.4.55 mod_proxy HTTP Request Smuggling
2024-01-02 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: mod_http2-1.15.14-1.fc32
2020-08-21 01:11:28
[SECURITY] Fedora 31 Update: mod_http2-1.15.14-1.fc31
2020-08-26 14:41:04
[SECURITY] Fedora 35 Update: httpd-2.4.50-1.fc35
2021-10-29 23:19:42
amazon
amazon
Important: mod_http2
2020-09-15 17:44:00
redos
redos
ROS-20211223-04
2021-12-23 00:00:00
cisa
cisa
Apache Releases Security Update for HTTP Server
2021-12-22 00:00:00
slackware
slackware
[slackware-security] httpd
2021-12-20 20:00:56
debian
debian
[SECURITY] [DSA 5035-1] apache2 security update
2022-01-04 16:38:55
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 1:2.4.52-alt1
2021-12-27 00:00:00

0.307 Low

EPSS

Percentile

97.0%

JSON
Related for ROSA-SA-2023-2155
ibm20redhat11nessus47oraclelinux5rocky5osv16almalinux3cvelist4openvas25veracode4cbl_mariner7redhatcve4prion4alpinelinux4cve4zdt2debiancve4ubuntucve4httpd3photon3f53hackerone1checkpoint_advisories1cnvd1ubuntu2githubexploit2packetstorm1fedora3amazon1redos1cisa1slackware1debian1altlinux1