httpd security update

🗓️ 05 Apr 2023 00:00:00Reported by OracleLinuxType

oraclelinux

oraclelinux🔗 linux.oracle.com👁 92 Views

httpd security update including mod_proxy and mod_session patches, index.html replacemen

Reporter	Title	Published	Views	Family All 652
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2023-25690)	21 Mar 202310:02	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server	25 Jul 202215:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-31618, CVE-2020-13950, CVE-2019-17567, CVE-2020-26691, CVE-2021-26690, CVE-2020-13938, CVE-2021-30641, CVE-2020-35452)	29 Apr 202502:10	–	ibm
IBM Security Bulletins	Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP request splitting attacks due to an error using mod_proxy (CVE-2023-25690).	29 Aug 202321:19	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server	31 Aug 202319:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use Mapping Assistance may be vulnerable to CVE-2022-29404, CVE-2022-30522, CVE-2022-30556 and CVE-2022-31813	7 Nov 202211:13	–	ibm
IBM Security Bulletins	Security Bulletin: IBM HTTP Server is vulnerable to HTTP request splitting due to the included Apache HTTP Server (CVE-2023-25690)	4 Apr 202316:02	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2023-25690]	28 Mar 202307:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities	7 Jun 202316:53	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager.	26 Sep 202218:30	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
oracle linux	7	src	httpd	2.4.6-98.0.3.el7_9.7	httpd-2.4.6-98.0.3.el7_9.7.src.rpm
oracle linux	7	aarch64	httpd	2.4.6-98.0.3.el7_9.7	httpd-2.4.6-98.0.3.el7_9.7.aarch64.rpm
oracle linux	7	aarch64	httpd-devel	2.4.6-98.0.3.el7_9.7	httpd-devel-2.4.6-98.0.3.el7_9.7.aarch64.rpm
oracle linux	7	noarch	httpd-manual	2.4.6-98.0.3.el7_9.7	httpd-manual-2.4.6-98.0.3.el7_9.7.noarch.rpm
oracle linux	7	aarch64	httpd-tools	2.4.6-98.0.3.el7_9.7	httpd-tools-2.4.6-98.0.3.el7_9.7.aarch64.rpm
oracle linux	7	aarch64	mod_ldap	2.4.6-98.0.3.el7_9.7	mod_ldap-2.4.6-98.0.3.el7_9.7.aarch64.rpm
oracle linux	7	aarch64	mod_proxy_html	2.4.6-98.0.3.el7_9.7	mod_proxy_html-2.4.6-98.0.3.el7_9.7.aarch64.rpm
oracle linux	7	aarch64	mod_session	2.4.6-98.0.3.el7_9.7	mod_session-2.4.6-98.0.3.el7_9.7.aarch64.rpm
oracle linux	7	aarch64	mod_ssl	2.4.6-98.0.3.el7_9.7	mod_ssl-2.4.6-98.0.3.el7_9.7.aarch64.rpm
oracle linux	7	src	httpd	2.4.6-98.0.3.el7_9.7	httpd-2.4.6-98.0.3.el7_9.7.src.rpm

05 Apr 2023 00:00Current

9.3High risk

Vulners AI Score9.3

CVSS 27.5

CVSS 3.19.8

EPSS0.67011

httpd security update mod_proxy mod_session index.html cve-2022-31813 orabug cve-2021-26690 resolves http request splitting mod_rewrite