Lucene search
OracleLinuxELSA-2022-0143HistoryJan 18, 2022 - 12:00 a.m.
httpd security update
2022-01-1800:00:00
linux.oracle.com
35
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
[2.4.6-97.0.5.4]
- mod_session: save one apr_strtok() [Orabug: 33338149][CVE-2021-26690]
- replace index.html with Oracle’s index page oracle_index.html
[2.4.6-97.4] - Resolves: #2031072 - CVE-2021-34798 httpd: NULL pointer dereference via
malformed requests - Resolves: #2031074 - CVE-2021-39275 httpd: out-of-bounds write in
ap_escape_quotes() via malicious input - Resolves: #1969226 - CVE-2021-26691 httpd: Heap overflow in mod_session
[2.4.6-97.3] - Resolves: #2035058 - CVE-2021-44790 httpd: mod_lua: possible buffer overflow
when parsing multipart content
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 7 | src | httpd | < 2.4.6-97.0.5.el7_9.4 | httpd-2.4.6-97.0.5.el7_9.4.src.rpm |
| oracle linux | 7 | aarch64 | httpd | < 2.4.6-97.0.5.el7_9.4 | httpd-2.4.6-97.0.5.el7_9.4.aarch64.rpm |
| oracle linux | 7 | aarch64 | httpd-devel | < 2.4.6-97.0.5.el7_9.4 | httpd-devel-2.4.6-97.0.5.el7_9.4.aarch64.rpm |
| oracle linux | 7 | noarch | httpd-manual | < 2.4.6-97.0.5.el7_9.4 | httpd-manual-2.4.6-97.0.5.el7_9.4.noarch.rpm |
| oracle linux | 7 | aarch64 | httpd-tools | < 2.4.6-97.0.5.el7_9.4 | httpd-tools-2.4.6-97.0.5.el7_9.4.aarch64.rpm |
| oracle linux | 7 | aarch64 | mod_ldap | < 2.4.6-97.0.5.el7_9.4 | mod_ldap-2.4.6-97.0.5.el7_9.4.aarch64.rpm |
| oracle linux | 7 | aarch64 | mod_proxy_html | < 2.4.6-97.0.5.el7_9.4 | mod_proxy_html-2.4.6-97.0.5.el7_9.4.aarch64.rpm |
| oracle linux | 7 | aarch64 | mod_session | < 2.4.6-97.0.5.el7_9.4 | mod_session-2.4.6-97.0.5.el7_9.4.aarch64.rpm |
| oracle linux | 7 | aarch64 | mod_ssl | < 2.4.6-97.0.5.el7_9.4 | mod_ssl-2.4.6-97.0.5.el7_9.4.aarch64.rpm |
| oracle linux | 7 | src | httpd | < 2.4.6-97.0.5.el7_9.4 | httpd-2.4.6-97.0.5.el7_9.4.src.rpm |
Related
nessus
nessus
Scientific Linux Security Update : httpd on SL7.x x86_64 (2022:0143)
2022-01-18 00:00:00
RHEL 7 : httpd (RHSA-2022:0143)
2022-01-17 00:00:00
openvas
openvas
CentOS: Security Advisory for httpd (CESA-2022:0143)
2022-01-26 00:00:00
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1074)
2023-01-09 00:00:00
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-1167)
2022-02-24 00:00:00
centos
centos
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
2022-01-25 17:31:14
redhat
redhat
(RHSA-2022:0143) Important: httpd security update
2022-01-17 08:16:34
(RHSA-2022:0891) Moderate: httpd:2.4 security update
2022-03-15 09:10:44
(RHSA-2022:0258) Important: httpd:2.4 security update
2022-01-25 12:49:42
ibm
ibm
Security Bulletin: Apache HTTP Server as used by IBM QRadar SIEM is vulnerable to buffer overflow and denial of service (CVE-2021-44790, CVE-2021-34798, CVE-2021-39275)
2022-02-28 17:37:14
rosalinux
rosalinux
Advisory ROSA-SA-2023-2158
2023-04-25 11:30:17
osv
osv
Moderate: httpd:2.4 security update
2022-03-15 09:10:44
Moderate: httpd:2.4 security update
2022-03-15 09:10:44
apache2 vulnerabilities
2021-09-27 16:46:11
oraclelinux
oraclelinux
httpd:2.4 security update
2022-01-06 00:00:00
httpd:2.4 security update
2022-03-16 00:00:00
httpd security update
2021-12-16 00:00:00
almalinux
almalinux
Moderate: httpd:2.4 security update
2022-03-15 09:10:44
Important: httpd:2.4 security update
2022-01-25 12:49:42
rocky
rocky
httpd:2.4 security update
2022-03-15 09:10:44
httpd:2.4 security update
2022-01-25 12:49:42
debian
debian
[SECURITY] [DLA 2776-1] apache2 security update
2021-10-02 16:07:56
[SECURITY] [DSA 4982-1] apache2 security update
2021-10-08 20:56:04
ics
ics
Siemens Apache HTTP Server (Update A)
2022-10-13 12:00:00
Mitsubishi Electric MELSOFT iQ AppPortal
2022-05-12 12:00:00
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2021-09-27 00:00:00
Apache HTTP Server vulnerabilities
2021-09-27 00:00:00
Apache HTTP Server regression
2021-09-28 00:00:00
suse
suse
Security update for apache2 (important)
2021-11-02 00:00:00
Security update for apache2 (important)
2021-10-26 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package apache2 version 1:2.4.49-alt1
2021-09-23 00:00:00
Security fix for the ALT Linux 10 package apache2 version 1:2.4.49-alt1
2021-10-04 00:00:00
Security fix for the ALT Linux 9 package apache2 version 1:2.4.48-alt3.1
2021-07-22 00:00:00
kaspersky
kaspersky
KLA12370 Multiple vulnerabilities in Apache HTTP Server
2021-09-16 00:00:00
freebsd
freebsd
Apache httpd -- multiple vulnerabilities
2021-09-16 00:00:00
mageia
mageia
Updated apache packages fix security vulnerability
2021-09-23 07:49:29
cisco
cisco
photon
photon
Critical Photon OS Security Update - PHSA-2022-0142
2022-01-12 00:00:00
hackerone
hackerone
cbl_mariner
cbl_mariner
CVE-2021-44790 affecting package httpd 2.4.46-10
2022-04-09 06:51:57
CVE-2021-44790 affecting package httpd 2.4.51-1
2022-01-10 03:59:19
CVE-2021-34798 affecting package httpd 2.4.46-10
2022-04-09 06:51:57
cve
cve
f5
f5
K53280389 : Apache HTTP server vulnerability CVE-2021-44790
2021-12-29 00:00:00
K72382141 : Apache HTTPD vulnerability CVE-2021-34798
2021-10-13 00:00:00
K20622400 : Apache HTTP server vulnerability CVE-2021-39275
2021-10-25 00:00:00
debiancve
debiancve
slackware
slackware
[slackware-security] httpd
2021-09-17 04:22:20
veracode
veracode
Denial Of Service (DoS)
2021-09-19 21:02:16
Denial Of Service (DoS)
2021-09-20 15:14:40
Denial Of Service (DoS)
2021-06-13 03:24:47
cnvd
cnvd
Apache HTTP Server code issue vulnerability
2021-09-22 00:00:00
Apache HTTP Server ap_escape_quotes buffer overflow vulnerability
2021-09-18 00:00:00
Apache HTTP Server Buffer Overflow Vulnerability (CNVD-2021-102386)
2021-12-24 00:00:00
prion
prion
Null pointer dereference
2021-09-16 15:15:00
Input validation
2021-09-16 15:15:00
Buffer overflow
2021-12-20 12:15:00
redhatcve
redhatcve
alpinelinux
alpinelinux
httpd
httpd
Apache Httpd < 2.4.52 : Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier
2021-12-20 00:00:00
Apache Httpd < 2.4.49 : NULL pointer dereference in httpd core
2021-09-16 00:00:00
Apache Httpd < 2.4.49 : ap_escape_quotes buffer overflow
2021-09-16 00:00:00
ubuntucve
ubuntucve
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-39275
2021-10-20 15:53:36
Fix of CVE: CVE-2021-39275
2021-10-11 15:13:18
zdt
zdt
Apache 2.4.x - Buffer Overflow Exploit
2023-04-02 00:00:00
packetstorm
packetstorm
Apache 2.4.x Buffer Overflow
2023-04-03 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related for ELSA-2022-0143