
RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 (RHSA-2020:2644)

Description

The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2644 advisory.

- expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)
- httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)
- httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)
- expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903)
- libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956)
- libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)
- nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080)
- httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)
- libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

