httpd:2.4 security update

🗓️ 11 Nov 2021 00:00:00Reported by OracleLinuxType

oraclelinux

oraclelinux🔗 linux.oracle.com👁 55 Views

Update for httpd 2.4 to fix mod_session vulnerabilit

Reporter	Title	Published	Views	Family All 182
IBM Security Bulletins	Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-31618, CVE-2020-13950, CVE-2019-17567, CVE-2020-26691, CVE-2021-26690, CVE-2020-13938, CVE-2021-30641, CVE-2020-35452)	29 Apr 202502:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2020-13938, CVE-2021-30641, CVE-2021-26690, CVE-2021-26691)	16 Sep 202106:03	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2021-26690, CVE-2021-26691)	2 Jul 202113:49	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server	28 Jun 202115:35	–	ibm
IBM Security Bulletins	WebSphere Application Server and IBM HTTP Server Security Bulletin List	13 Jul 202218:04	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2021-26690, CVE-2021-26691)	30 Jul 202105:03	–	ibm
Tenable Nessus	Amazon Linux 2 : httpd (ALAS-2021-1659)	24 Jun 202100:00	–	nessus
Tenable Nessus	Amazon Linux 2 : httpd (ALAS-2021-1674)	1 Jul 202100:00	–	nessus
Tenable Nessus	Amazon Linux AMI : httpd24 (ALAS-2021-1514)	13 Jul 202100:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0017: httpd:2.4 (ALINUX3-SA-2022:0017)	14 May 202500:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
oracle linux	8	src	httpd	2.4.37-39.0.2.module	httpd-2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1.src.rpm
oracle linux	8	src	mod_http2	1.15.7-3.module	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.src.rpm
oracle linux	8	src	mod_md	2.0.8-8.module	mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.src.rpm
oracle linux	8	aarch64	httpd	2.4.37-39.0.2.module	httpd-2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1.aarch64.rpm
oracle linux	8	aarch64	httpd-devel	2.4.37-39.0.2.module	httpd-devel-2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1.aarch64.rpm
oracle linux	8	noarch	httpd-filesystem	2.4.37-39.0.2.module	httpd-filesystem-2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1.noarch.rpm
oracle linux	8	noarch	httpd-manual	2.4.37-39.0.2.module	httpd-manual-2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1.noarch.rpm
oracle linux	8	aarch64	httpd-tools	2.4.37-39.0.2.module	httpd-tools-2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1.aarch64.rpm
oracle linux	8	aarch64	mod_http2	1.15.7-3.module	mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.aarch64.rpm
oracle linux	8	aarch64	mod_ldap	2.4.37-39.0.2.module	mod_ldap-2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1.aarch64.rpm

11 Nov 2021 00:00Current

8.9High risk

Vulners AI Score8.9

CVSS 25

CVSS 3.17.5

EPSS0.60353

httpd security update mod_session orabug cve-2021-26690 unix