Oracle Linux ELSA-2021-4537
Nov 18, 2021 - 12:00 a.m.

httpd:2.4 security update

2021-11-18 00:00:00
linux.oracle.com

CVSS3: 9.8 High

  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High

  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

httpd

[2.4.37-43.0.1]

  • Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
  • Replace index.html with Oracle’s index page oracle_index.html.

[2.4.37-43]

  • Related: #2007235 - CVE-2021-40438 httpd:2.4/httpd: mod_proxy: SSRF via
    a crafted request uri-path

[2.4.37-42]

  • Resolves: #2007235 - CVE-2021-40438 httpd:2.4/httpd: mod_proxy: SSRF via
    a crafted request uri-path
  • Resolves: #2014063 - CVE-2021-26691 httpd:2.4/httpd: Heap overflow in
    mod_session

[2.4.37-41]

  • Resolves: #1680111 - httpd sends reply to HTTPS GET using two TLS records
  • Resolves: #1905613 - mod_ssl does not like valid certificate chain
  • Resolves: #1935742 - [RFE] backport samesite/httponly/secure flags for
    usertrack
  • Resolves: #1972500 - CVE-2021-30641 httpd:2.4/httpd: MergeSlashes regression
  • Resolves: #1968307 - CVE-2021-26690 httpd:2.4/httpd: mod_session NULL pointer
    dereference in parser
  • Resolves: #1934741 - Apache trademark update - new logo

[2.4.37-40]

  • Resolves: #1952557 - mod_proxy_wstunnel.html is a malformed XML
  • Resolves: #1937334 - SSLProtocol with based virtual hosts

mod_http2

[1.15.7-3]

  • Resolves: #1869077 - CVE-2020-11993 httpd:2.4/mod_http2: httpd:
    mod_http2 concurrent pool usage

mod_md

[1:2.0.8-8]

  • Resolves: #1832844 - mod_md does not work with ACME server that does not
    provide keyChange or revokeCert resources
