Lucene search
OracleLinuxELSA-2023-1670HistoryApr 06, 2023 - 12:00 a.m.
httpd and mod_http2 security update
2023-04-0600:00:00
linux.oracle.com
23
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.044 Low
EPSS
Percentile
91.4%
httpd
[2.4.53-7.0.1.5]
- Replace index.html with Oracle’s index page oracle_index.html.
[2.4.53-7.5] - Resolves: #2177751 - CVE-2023-25690 httpd: HTTP request splitting with
mod_rewrite and mod_proxy
mod_http2
[1.15.19-3.5] - Resolves: #2177751 - CVE-2023-25690 httpd: HTTP request splitting with
mod_rewrite and mod_proxy
[1.15.19-3] - Resolves: #2066311 - CVE-2021-44224 httpd: possible NULL dereference or SSRF
in forward proxy configurations
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 9 | src | httpd | < 2.4.53-7.0.1.el9_1.5 | httpd-2.4.53-7.0.1.el9_1.5.src.rpm |
| oracle linux | 9 | src | mod_http2 | < 1.15.19-3.el9_1.5 | mod_http2-1.15.19-3.el9_1.5.src.rpm |
| oracle linux | 9 | aarch64 | httpd | < 2.4.53-7.0.1.el9_1.5 | httpd-2.4.53-7.0.1.el9_1.5.aarch64.rpm |
| oracle linux | 9 | aarch64 | httpd-core | < 2.4.53-7.0.1.el9_1.5 | httpd-core-2.4.53-7.0.1.el9_1.5.aarch64.rpm |
| oracle linux | 9 | aarch64 | httpd-devel | < 2.4.53-7.0.1.el9_1.5 | httpd-devel-2.4.53-7.0.1.el9_1.5.aarch64.rpm |
| oracle linux | 9 | noarch | httpd-filesystem | < 2.4.53-7.0.1.el9_1.5 | httpd-filesystem-2.4.53-7.0.1.el9_1.5.noarch.rpm |
| oracle linux | 9 | noarch | httpd-manual | < 2.4.53-7.0.1.el9_1.5 | httpd-manual-2.4.53-7.0.1.el9_1.5.noarch.rpm |
| oracle linux | 9 | aarch64 | httpd-tools | < 2.4.53-7.0.1.el9_1.5 | httpd-tools-2.4.53-7.0.1.el9_1.5.aarch64.rpm |
| oracle linux | 9 | aarch64 | mod_http2 | < 1.15.19-3.el9_1.5 | mod_http2-1.15.19-3.el9_1.5.aarch64.rpm |
| oracle linux | 9 | aarch64 | mod_ldap | < 2.4.53-7.0.1.el9_1.5 | mod_ldap-2.4.53-7.0.1.el9_1.5.aarch64.rpm |
Related
nessus
nessus
Oracle Linux 9 : httpd / and / mod_http2 (ELSA-2023-1670)
2023-04-06 00:00:00
CentOS 8 : httpd:2.4 (CESA-2023:1673)
2023-04-07 00:00:00
CentOS 9 : httpd-2.4.57-2.el9
2024-02-29 00:00:00
rocky
rocky
httpd and mod_http2 security update
2023-04-12 01:41:37
httpd:2.4 security update
2023-04-12 01:40:50
httpd bug fix update
2023-05-25 19:53:09
redhat
redhat
(RHSA-2023:1672) Important: httpd:2.4 security update
2023-04-06 16:01:56
(RHSA-2023:1597) Important: httpd:2.4 security update
2023-04-04 09:17:16
(RHSA-2023:1547) Important: httpd:2.4 security update
2023-04-03 15:43:23
cbl_mariner
cbl_mariner
CVE-2023-25690 affecting package httpd for versions less than 2.4.56-1
2023-03-24 23:56:03
CVE-2023-25690 affecting package httpd 2.4.55-1
2023-04-07 04:59:28
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:0803-1)
2023-03-28 00:00:00
Ubuntu: Security Advisory (USN-5942-2)
2023-03-23 00:00:00
ibm
ibm
ubuntu
ubuntu
Apache HTTP Server vulnerability
2023-03-22 00:00:00
Apache HTTP Server vulnerabilities
2023-03-09 00:00:00
cve
cve
CVE-2023-25690
2023-03-07 16:15:09
githubexploit
githubexploit
Exploit for HTTP Request Smuggling in Apache Http Server
2023-05-22 03:06:31
Exploit for HTTP Request Smuggling in Apache Http Server
2023-12-04 16:58:53
prion
prion
Design/Logic Flaw
2023-03-07 16:15:00
osv
osv
Important: httpd and mod_http2 security update
2023-04-12 01:41:37
CVE-2023-25690
2023-03-07 16:15:09
Important: httpd:2.4 security update
2023-04-12 01:40:50
oraclelinux
oraclelinux
httpd security update
2023-04-05 00:00:00
httpd:2.4 security update
2023-04-07 00:00:00
debiancve
debiancve
CVE-2023-25690
2023-03-07 16:15:09
almalinux
almalinux
Important: httpd and mod_http2 security update
2023-04-06 00:00:00
Important: httpd:2.4 security update
2023-04-06 00:00:00
veracode
veracode
HTTP Request Smuggling
2023-03-11 00:19:43
alpinelinux
alpinelinux
CVE-2023-25690
2023-03-07 16:15:09
zdt
zdt
Apache 2.4.55 mod_proxy HTTP Request Smuggling Exploit
2024-01-02 00:00:00
packetstorm
packetstorm
Apache 2.4.55 mod_proxy HTTP Request Smuggling
2024-01-02 00:00:00
f5
f5
K000133098 : Apache vulnerability CVE-2023-25690
2023-03-22 00:00:00
redhatcve
redhatcve
CVE-2023-25690
2023-03-07 16:30:07
ubuntucve
ubuntucve
CVE-2023-25690
2023-03-07 00:00:00
slackware
slackware
[slackware-security] httpd
2023-03-08 20:30:50
amazon
amazon
Important: httpd
2023-03-17 16:34:00
Important: httpd24
2023-03-17 15:53:00
freebsd
freebsd
Apache httpd -- Multiple vulnerabilities
2023-03-08 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: httpd-2.4.56-1.fc36
2023-03-25 02:04:42
[SECURITY] Fedora 38 Update: httpd-2.4.56-1.fc38
2023-03-18 00:24:30
[SECURITY] Fedora 37 Update: httpd-2.4.56-1.fc37
2023-03-11 04:29:50
kaspersky
kaspersky
KLA48513 Multiple vulnerabilities in Apache HTTP Server
2023-03-07 00:00:00
debian
debian
[SECURITY] [DLA 3401-1] apache2 security update
2023-04-24 21:26:18
[SECURITY] [DSA 5376-1] apache2 security update
2023-03-20 18:52:41
redos
redos
ROS-20230420-01
2023-04-20 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 1:2.4.56-alt1
2023-03-17 00:00:00
mageia
mageia
Updated apache packages fix security vulnerability
2023-03-19 01:16:28
adobe
adobe
APSB23-43 : Security update available for Adobe Experience Manager
2023-09-12 00:00:00
APSB23-31 : Security update available for Adobe Experience Manager
2023-06-13 00:00:00
APSB24-21 : Security update available for Adobe Experience Manager
2024-04-09 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-3.0-0562
2023-04-05 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0370
2023-04-05 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2155
2023-04-18 12:09:43
Advisory ROSA-SA-2023-2158
2023-04-25 11:30:17
Advisory ROSA-SA-2023-2161
2023-05-03 11:17:19
gentoo
gentoo
Apache HTTPD: Multiple Vulnerabilities
2023-09-08 00:00:00
qualysblog
qualysblog
Oracle Patch Tuesday, July 2023 Security Update Review
2023-07-19 15:56:06
hp
hp
HP Device Manager Security Updates
2023-04-13 00:00:00
ics
ics
Siemens SINEC NMS
2024-02-15 12:00:00
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.044 Low
EPSS
Percentile
91.4%
Related for ELSA-2023-1670