Lucene search

K
oraclelinuxOracleLinuxELSA-2022-8067
HistoryNov 22, 2022 - 12:00 a.m.

httpd security, bug fix, and enhancement update

2022-11-2200:00:00
linux.oracle.com
23

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.348 Low

EPSS

Percentile

97.1%

[2.4.53-7.0.1]

  • Replace index.html with Oracles index page oracle_index.html.
    [2.4.53-7]
  • Resolves: #2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request
    smuggling
  • Resolves: #2097032 - CVE-2022-28615 httpd: out-of-bounds read in
    ap_strcmp_match()
  • Resolves: #2098248 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped
    by hop-by-hop mechanism
  • Resolves: #2097016 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite()
  • Resolves: #2097452 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody
  • Resolves: #2097459 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability
  • Resolves: #2097481 - CVE-2022-30556 httpd: mod_lua: Information disclosure
    with websockets
    [2.4.53-6]
  • Related: #2065677 - httpd minimisation for ubi-micro
    [2.4.53-5]
  • Resolves: #2098056 - mod_ldap: High CPU usage at apr_ldap_rebind_remove()
    [2.4.53-4]
  • Resolves: #2095838 - mod_mime_magic: invalid type 0 in mconvert()
    [2.4.53-3]
  • Resolves: #2065677 - httpd minimisation for ubi-micro
  • minimize httpd dependencies (new httpd-core package)
  • mod_systemd and mod_brotli are now packaged in the main httpd package
    [2.4.53-1]
  • new version 2.4.53
  • Resolves: #2079939 - httpd rebase to 2.4.53
  • Resolves: #2075406 - httpd.conf uses icon bomb.gif for all files/dirs ending
    with core
    [2.4.51-8]
  • Resolves: #2073459 - Cannot override LD_LIBARY_PATH in Apache HTTPD using
    SetEnv or PassEnv

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.348 Low

EPSS

Percentile

97.1%