httpd and mod_http2 security update

🗓️ 06 Apr 2023 00:00:00Reported by OracleLinuxType

httpd and mod_http2 security update. Replace index.html with Oracle's index page. Resolves HTTP request splitting with mod_rewrite and mod_proxy. Resolves possible NULL dereference or SSRF in forward proxy configurations

Reporter	Title	Published	Views	Family All 456
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2023-25690)	21 Mar 202310:02	–	ibm
IBM Security Bulletins	Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP request splitting attacks due to an error using mod_proxy (CVE-2023-25690).	29 Aug 202321:19	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server	31 Aug 202319:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM HTTP Server is vulnerable to HTTP request splitting due to the included Apache HTTP Server (CVE-2023-25690)	4 Apr 202316:02	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2023-25690]	28 Mar 202307:48	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2021-44790, CVE-2021-44224)	1 Apr 202210:32	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2021-44790, CVE-2021-44224)	16 Mar 202208:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities	7 Jun 202316:53	–	ibm
IBM Security Bulletins	Security Bulletin: IBM HTTP Server (powered by Apache) for i is vulnerable to CVE-2021-44224	28 Feb 202223:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-44224)	17 Jan 202218:32	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
oracle linux	9	src	httpd	2.4.53-7.0.1.el9_1.5	httpd-2.4.53-7.0.1.el9_1.5.src.rpm
oracle linux	9	src	mod_http2	1.15.19-3.el9_1.5	mod_http2-1.15.19-3.el9_1.5.src.rpm
oracle linux	9	aarch64	httpd	2.4.53-7.0.1.el9_1.5	httpd-2.4.53-7.0.1.el9_1.5.aarch64.rpm
oracle linux	9	aarch64	httpd-core	2.4.53-7.0.1.el9_1.5	httpd-core-2.4.53-7.0.1.el9_1.5.aarch64.rpm
oracle linux	9	aarch64	httpd-devel	2.4.53-7.0.1.el9_1.5	httpd-devel-2.4.53-7.0.1.el9_1.5.aarch64.rpm
oracle linux	9	noarch	httpd-filesystem	2.4.53-7.0.1.el9_1.5	httpd-filesystem-2.4.53-7.0.1.el9_1.5.noarch.rpm
oracle linux	9	noarch	httpd-manual	2.4.53-7.0.1.el9_1.5	httpd-manual-2.4.53-7.0.1.el9_1.5.noarch.rpm
oracle linux	9	aarch64	httpd-tools	2.4.53-7.0.1.el9_1.5	httpd-tools-2.4.53-7.0.1.el9_1.5.aarch64.rpm
oracle linux	9	aarch64	mod_http2	1.15.19-3.el9_1.5	mod_http2-1.15.19-3.el9_1.5.aarch64.rpm
oracle linux	9	aarch64	mod_ldap	2.4.53-7.0.1.el9_1.5	mod_ldap-2.4.53-7.0.1.el9_1.5.aarch64.rpm

06 Apr 2023 00:00Current

9.3High risk

Vulners AI Score9.3

CVSS 26.4

CVSS 3.19.8

EPSS0.67011