Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
almalinuxAlmaLinuxALSA-2020:4751
HistoryNov 03, 2020 - 12:33 p.m.

Moderate: httpd:2.4 security, bug fix, and enhancement update

2020-11-0312:33:02
errata.almalinux.org
58

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.831 High

EPSS

Percentile

98.4%

JSON

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

The following packages have been upgraded to a later upstream version: mod_http2 (1.15.7). (BZ#1814236)

Security Fix(es):

  • httpd: memory corruption on early pushes (CVE-2019-10081)

  • httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)

  • httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)

  • httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)

  • httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)

  • httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)

  • httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)

  • httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)

  • httpd: mod_rewrite potential open redirect (CVE-2019-10098)

  • httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
almalinux8x86_64mod_md< 2.0.8-8.module_el8.5.0+2609+b30d9eecmod_md-2.0.8-8.module_el8.5.0+2609+b30d9eec.x86_64.rpm
almalinux8aarch64mod_md< 2.0.8-8.module_el8.6.0+2872+fe0ff7aamod_md-2.0.8-8.module_el8.6.0+2872+fe0ff7aa.aarch64.rpm
almalinux8ppc64lemod_md< 2.0.8-8.module_el8.6.0+2872+fe0ff7aamod_md-2.0.8-8.module_el8.6.0+2872+fe0ff7aa.ppc64le.rpm

Related

nessus 62
osv 8
rocky 1
redhat 6
oraclelinux 2
openvas 39
ubuntu 2
photon 5
freebsd 2
kaspersky 2
mageia 2
slackware 1
debian 3
ibm 20
amazon 4
suse 2
gentoo 1
fedora 7
symantec 1
archlinux 1
altlinux 3
centos 1
f5 4
httpd 2
alpinelinux 2
hackerone 2
prion 2
ubuntucve 3
cve 4
veracode 1
redhatcve 2
debiancve 2
nessus
nessus
RHEL 8 : httpd:2.4 (RHSA-2020:4751)
2020-11-04 00:00:00
Oracle Linux 8 : httpd:2.4 (ELSA-2020-4751)
2020-11-12 00:00:00
Rocky Linux 8 : httpd:2.4 (RLSA-2020:4751)
2023-11-06 00:00:00
osv
osv
Moderate: httpd:2.4 security, bug fix, and enhancement update
2020-11-03 12:33:02
Moderate: httpd:2.4 security, bug fix, and enhancement update
2020-11-03 12:33:02
apache2 - security update
2019-08-26 00:00:00
rocky
rocky
httpd:2.4 security, bug fix, and enhancement update
2020-11-03 12:33:02
redhat
redhat
(RHSA-2020:4751) Moderate: httpd:2.4 security, bug fix, and enhancement update
2020-11-03 12:33:02
(RHSA-2020:1336) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 security update
2020-04-06 19:02:18
(RHSA-2020:1337) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 security update
2020-04-06 19:02:25
oraclelinux
oraclelinux
httpd:2.4 security, bug fix, and enhancement update
2020-11-10 00:00:00
httpd security, bug fix, and enhancement update
2020-10-06 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4113-2)
2019-09-18 00:00:00
Ubuntu: Security Advisory (USN-4113-1)
2019-08-30 00:00:00
Slackware: Security Advisory (SSA:2020-091-02)
2022-04-21 00:00:00
ubuntu
ubuntu
Apache HTTP Server regression
2019-09-17 00:00:00
Apache HTTP Server vulnerabilities
2019-08-29 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0253
2019-10-15 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0178
2019-10-03 00:00:00
Critical Photon OS Security Update - PHSA-2019-0253
2019-10-15 00:00:00
freebsd
freebsd
Apache -- Multiple vulnerabilities
2019-08-14 00:00:00
Apache -- Multiple vulnerabilities
2020-04-01 00:00:00
kaspersky
kaspersky
KLA12366 Multiple vulnerabilities in Apache HTTP Server
2019-08-14 00:00:00
KLA12367 Multiple vulnerabilities in Apache HTTP Server
2020-04-01 00:00:00
mageia
mageia
Updated apache packages fix security vulnerabilities
2019-12-25 22:08:41
Updated apache packages fix security vulnerabilities
2020-04-15 13:12:14
slackware
slackware
[slackware-security] httpd
2020-03-31 19:45:57
debian
debian
[SECURITY] [DSA 4509-1] apache2 security update
2019-08-26 19:52:07
[SECURITY] [DSA 4509-1] apache2 security update
2019-08-26 19:52:07
[SECURITY] [DLA 1900-1] apache2 security update
2019-08-28 22:39:55
ibm
ibm
Security Bulletin: Multiple vulnerabilities in the IBM i HTTP Server affect IBM i.
2019-12-18 14:26:38
Security Bulletin: Aspera Web Applications (Faspex, Console, Shares) are affected by Apache Vulnerabilities (CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10098), )
2020-02-07 02:02:44
Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect Rational Build Forge (CVE-2019-9517, CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10097, CVE-2019-10098)
2019-09-30 12:42:18
amazon
amazon
Medium: httpd24
2019-10-18 23:22:00
Medium: httpd
2019-10-28 17:42:00
Low: httpd
2020-05-19 18:32:00
suse
suse
Security update for apache2 (important)
2019-09-02 00:00:00
Security update for apache2 (important)
2020-05-02 00:00:00
gentoo
gentoo
Apache: Multiple vulnerabilities
2019-09-06 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: httpd-2.4.41-1.fc29
2019-09-30 01:39:18
[SECURITY] Fedora 30 Update: httpd-2.4.41-1.fc30
2019-08-23 01:27:58
[SECURITY] Fedora 29 Update: mod_md-2.0.8-3.fc29
2019-09-30 01:39:18
symantec
symantec
Apache HTTP Server Vulnerabilities Jan 2019 - Apr 2020
2020-06-12 20:41:37
archlinux
archlinux
[ASA-202004-14] apache: multiple issues
2020-04-15 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package apache2 version 1:2.4.43-alt1
2020-04-09 00:00:00
Security fix for the ALT Linux 9 package apache2 version 1:2.4.43-alt1
2020-04-08 00:00:00
Security fix for the ALT Linux 10 package apache2 version 1:2.4.43-alt1
2020-04-06 00:00:00
centos
centos
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
2020-10-20 18:13:33
f5
f5
K44591505 : Apache vulnerabilities CVE-2019-0196, CVE-2019-0197, and CVE-2019-0220
2019-05-07 00:00:00
K86612211 : Apache vulnerability CVE-2018-17189
2019-02-04 00:00:00
K82200103 : Apache mod_http2 vulnerability CVE-2019-10082
2019-09-03 00:00:00
httpd
httpd
Apache Httpd < 2.4.41 : CVE-2019-10097 mod_remoteip: Stack buffer overflow and NULL pointer dereference
2019-07-23 00:00:00
Apache Httpd < 2.4.38 : DoS for HTTP/2 connections via slow request bodies
2018-10-16 00:00:00
alpinelinux
alpinelinux
CVE-2019-10097
2019-09-26 16:15:00
CVE-2018-17189
2019-01-30 22:29:00
hackerone
hackerone
Internet Bug Bounty: mod_http2, read-after-free in h2 connection shutdown (CVE-2019-10082)
2019-08-23 13:38:25
Internet Bug Bounty: mod_remoteip stack buffer overflow and NULL pointer dereference
2019-08-15 14:42:13
prion
prion
Session fixation
2019-09-26 16:15:00
Design/Logic Flaw
2019-01-30 22:29:00
ubuntucve
ubuntucve
CVE-2019-10097
2019-08-14 00:00:00
CVE-2018-17189
2019-01-30 00:00:00
CVE-2019-10098
2019-08-14 00:00:00
cve
cve
CVE-2018-17189
2019-01-30 22:29:00
CVE-2019-10082
2019-09-26 16:15:00
CVE-2019-10097
2019-09-26 16:15:00
veracode
veracode
Denial Of Service (DoS)
2019-11-21 00:17:08
redhatcve
redhatcve
CVE-2018-17189
2019-01-22 21:50:53
CVE-2019-10097
2020-04-01 20:22:36
debiancve
debiancve
CVE-2019-10097
2019-09-26 16:15:00
CVE-2019-10098
2019-09-25 17:15:00

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.831 High

EPSS

Percentile

98.4%

JSON
Related for ALSA-2020:4751
nessus62osv8rocky1redhat6oraclelinux2openvas39ubuntu2photon5freebsd2kaspersky2mageia2slackware1debian3ibm20amazon4suse2gentoo1fedora7symantec1archlinux1altlinux3centos1f54httpd2alpinelinux2hackerone2prion2ubuntucve3cve4veracode1redhatcve2debiancve2