9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
0.831 High
EPSS
Percentile
98.4%
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
The following packages have been upgraded to a later upstream version: mod_http2 (1.15.7). (BZ#1814236)
Security Fix(es):
httpd: memory corruption on early pushes (CVE-2019-10081)
httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)
httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)
httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)
httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)
httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)
httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)
httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)
httpd: mod_rewrite potential open redirect (CVE-2019-10098)
httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
almalinux | 8 | x86_64 | mod_md | < 2.0.8-8.module_el8.5.0+2609+b30d9eec | mod_md-2.0.8-8.module_el8.5.0+2609+b30d9eec.x86_64.rpm |
almalinux | 8 | aarch64 | mod_md | < 2.0.8-8.module_el8.6.0+2872+fe0ff7aa | mod_md-2.0.8-8.module_el8.6.0+2872+fe0ff7aa.aarch64.rpm |
almalinux | 8 | ppc64le | mod_md | < 2.0.8-8.module_el8.6.0+2872+fe0ff7aa | mod_md-2.0.8-8.module_el8.6.0+2872+fe0ff7aa.ppc64le.rpm |
errata.almalinux.org/8/ALSA-2020-4751.html
vulners.com/cve/CVE-2018-17189
vulners.com/cve/CVE-2019-0196
vulners.com/cve/CVE-2019-0197
vulners.com/cve/CVE-2019-10081
vulners.com/cve/CVE-2019-10082
vulners.com/cve/CVE-2019-10092
vulners.com/cve/CVE-2019-10097
vulners.com/cve/CVE-2019-10098
vulners.com/cve/CVE-2020-1927
vulners.com/cve/CVE-2020-1934
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
0.831 High
EPSS
Percentile
98.4%