httpd:2.4 security, bug fix, and enhancement update

🗓️ 16 Nov 2021 00:00:00Reported by OracleLinuxType

oraclelinux

oraclelinux🔗 linux.oracle.com👁 69 Views

Update for Apache HTTP Server 2.4 with bug fixes and security enhancement

Reporter	Title	Published	Views	Family All 616
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2020-13938, CVE-2021-30641)	28 Jun 202115:28	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in WebSphere Application Server affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise	21 Sep 202109:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-31618, CVE-2020-13950, CVE-2019-17567, CVE-2020-26691, CVE-2021-26690, CVE-2020-13938, CVE-2021-30641, CVE-2020-35452)	29 Apr 202502:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Security Directory Server	1 Sep 202116:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2020-13938, CVE-2021-30641)	14 Sep 202215:28	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2021-39275, CVE-2021-40438, CVE-2021-34798)	8 Nov 202104:06	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM HTTP Server affect IBM Netezza Performance Portal	7 Oct 202106:28	–	ibm
IBM Security Bulletins	Security Bulletin: Apache HTTP Server as used in IBM QRadar SIEM is vulnerable to server-side request forgery (SSRF) (CVE-2021-40438)	20 Dec 202121:02	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server shipped with IBM Case Manager (CVE-2020-13938, CVE-2021-30641)	23 Jun 202122:54	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Remote Server	28 Jun 202118:00	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
oracle linux	8	src	httpd	2.4.37-41.0.1.module	httpd-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.src.rpm
oracle linux	8	src	mod_http2	1.15.7-3.module	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.src.rpm
oracle linux	8	src	mod_md	2.0.8-8.module	mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.src.rpm
oracle linux	8	aarch64	httpd	2.4.37-41.0.1.module	httpd-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.aarch64.rpm
oracle linux	8	aarch64	httpd-devel	2.4.37-41.0.1.module	httpd-devel-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.aarch64.rpm
oracle linux	8	noarch	httpd-filesystem	2.4.37-41.0.1.module	httpd-filesystem-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.noarch.rpm
oracle linux	8	noarch	httpd-manual	2.4.37-41.0.1.module	httpd-manual-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.noarch.rpm
oracle linux	8	aarch64	httpd-tools	2.4.37-41.0.1.module	httpd-tools-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.aarch64.rpm
oracle linux	8	aarch64	mod_http2	1.15.7-3.module	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.aarch64.rpm
oracle linux	8	aarch64	mod_ldap	2.4.37-41.0.1.module	mod_ldap-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.aarch64.rpm

16 Nov 2021 00:00Current

7.8High risk

Vulners AI Score7.8

CVSS 26.8

CVSS 3.19

EPSS0.94432

apache http server 2.4 bug fixes security enhancements oracle product tls records ssl certificates samesite cookies http/https xml virtual hosts acme server