Lucene search
OracleLinuxELSA-2023-6403HistoryNov 11, 2023 - 12:00 a.m.
httpd and mod_http2 security, bug fix, and enhancement update
2023-11-1100:00:00
linux.oracle.com
10
httpd
mod_http2
security
bug fix
enhancement
oracle
covscan
propfind
mod_status
mod_authnz_fcgi
rebase
cve-2023-25690
mod_rewrite
mod_proxy
unix
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.6 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.019 Low
EPSS
Percentile
88.5%
httpd
[2.4.57-5.0.1]
- Replace index.html with Oracle’s index page oracle_index.html.
[2.4.57-5] - Fix issue found by covscan
- Related: #2222001
[2.4.57-4] - Resolves: #2217726 - Make PROPFIND tolerant of deletion race
[2.4.57-3] - Resolves: #2222001 - mod_status lists BusyWorkers IdleWorkers keys twice
[2.4.57-2] - Resolves: #2186645 - Fix issue found by covscan in httpd package
- Resolves: #2173295 - Include Apache httpd module mod_authnz_fcgi
[2.4.57-1] - Resolves: #2184403 - rebase httpd to 2.4.57
- Resolves: #2177753 - CVE-2023-25690 httpd: HTTP request splitting with
mod_rewrite and mod_proxy
mod_http2
[1.15.19-5] - Resolves: #2177753 - CVE-2023-25690 httpd: HTTP request splitting with
mod_rewrite and mod_proxy
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 9 | src | httpd | < 2.4.57-5.0.1.el9 | httpd-2.4.57-5.0.1.el9.src.rpm |
| oracle linux | 9 | src | mod_http2 | < 1.15.19-5.el9 | mod_http2-1.15.19-5.el9.src.rpm |
| oracle linux | 9 | aarch64 | httpd | < 2.4.57-5.0.1.el9 | httpd-2.4.57-5.0.1.el9.aarch64.rpm |
| oracle linux | 9 | aarch64 | httpd-core | < 2.4.57-5.0.1.el9 | httpd-core-2.4.57-5.0.1.el9.aarch64.rpm |
| oracle linux | 9 | aarch64 | httpd-devel | < 2.4.57-5.0.1.el9 | httpd-devel-2.4.57-5.0.1.el9.aarch64.rpm |
| oracle linux | 9 | noarch | httpd-filesystem | < 2.4.57-5.0.1.el9 | httpd-filesystem-2.4.57-5.0.1.el9.noarch.rpm |
| oracle linux | 9 | noarch | httpd-manual | < 2.4.57-5.0.1.el9 | httpd-manual-2.4.57-5.0.1.el9.noarch.rpm |
| oracle linux | 9 | aarch64 | httpd-tools | < 2.4.57-5.0.1.el9 | httpd-tools-2.4.57-5.0.1.el9.aarch64.rpm |
| oracle linux | 9 | aarch64 | mod_http2 | < 1.15.19-5.el9 | mod_http2-1.15.19-5.el9.aarch64.rpm |
| oracle linux | 9 | aarch64 | mod_ldap | < 2.4.57-5.0.1.el9 | mod_ldap-2.4.57-5.0.1.el9.aarch64.rpm |
Related
nessus
nessus
CBL Mariner 2.0 Security Update: httpd (CVE-2023-27522)
2023-03-28 00:00:00
Oracle Linux 9 : httpd / and / mod_http2 (ELSA-2023-6403)
2023-11-16 00:00:00
CentOS 8 : httpd:2.4 (CESA-2023:5050)
2023-09-11 00:00:00
veracode
veracode
HTTP Request Smuggling
2023-03-09 10:25:21
rocky
rocky
httpd:2.4 security update
2023-09-19 12:09:00
redhat
redhat
(RHSA-2023:5049) Moderate: httpd:2.4 security update
2023-09-11 12:37:03
(RHSA-2023:6403) Moderate: httpd and mod_http2 security, bug fix, and enhancement update
2023-11-07 06:04:24
(RHSA-2023:5050) Moderate: httpd:2.4 security update
2023-09-11 12:37:07
oraclelinux
oraclelinux
httpd:2.4 security update
2023-09-12 00:00:00
osv
osv
Moderate: httpd and mod_http2 security, bug fix, and enhancement update
2023-11-07 00:00:00
CVE-2023-27522
2023-03-07 16:15:09
BIT-apache-2023-27522
2024-03-06 10:51:05
openvas
openvas
Apache HTTP Server 2.4.30 - 2.4.55 HTTP Request Smuggling Vulnerability - Windows
2023-03-08 00:00:00
Fedora: Security Advisory for httpd (FEDORA-2023-7df48f618b)
2023-03-26 00:00:00
hackerone
hackerone
cbl_mariner
cbl_mariner
CVE-2023-27522 affecting package httpd for versions less than 2.4.56-1
2023-03-24 23:56:03
CVE-2023-27522 affecting package httpd 2.4.55-1
2023-04-07 04:59:28
almalinux
almalinux
Moderate: httpd and mod_http2 security, bug fix, and enhancement update
2023-11-07 00:00:00
Moderate: httpd:2.4 security update
2023-09-11 00:00:00
cve
cve
CVE-2023-27522
2023-03-07 16:15:09
redhatcve
redhatcve
CVE-2023-27522
2023-03-07 16:30:17
f5
f5
K000132965 : Apache vulnerability CVE-2023-27522
2023-03-14 00:00:00
debiancve
debiancve
CVE-2023-27522
2023-03-07 16:15:09
alpinelinux
alpinelinux
CVE-2023-27522
2023-03-07 16:15:09
github
github
Apache HTTP Server via mod_proxy_uwsgi HTTP response smuggling
2023-03-07 18:30:39
prion
prion
Design/Logic Flaw
2023-03-07 16:15:00
ubuntucve
ubuntucve
CVE-2023-27522
2023-03-07 00:00:00
kaspersky
kaspersky
KLA48513 Multiple vulnerabilities in Apache HTTP Server
2023-03-07 00:00:00
mageia
mageia
Updated apache packages fix security vulnerability
2023-03-19 01:16:28
slackware
slackware
[slackware-security] httpd
2023-03-08 20:30:50
freebsd
freebsd
Apache httpd -- Multiple vulnerabilities
2023-03-08 00:00:00
amazon
amazon
Important: httpd
2023-03-17 16:34:00
Important: httpd24
2023-03-17 15:53:00
fedora
fedora
[SECURITY] Fedora 36 Update: httpd-2.4.56-1.fc36
2023-03-25 02:04:42
[SECURITY] Fedora 37 Update: httpd-2.4.56-1.fc37
2023-03-11 04:29:50
[SECURITY] Fedora 38 Update: httpd-2.4.56-1.fc38
2023-03-18 00:24:30
redos
redos
ROS-20230420-01
2023-04-20 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 1:2.4.56-alt1
2023-03-17 00:00:00
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2023-03-09 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0083
2023-08-30 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0461
2023-08-30 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0562
2023-04-05 00:00:00
debian
debian
[SECURITY] [DLA 3401-1] apache2 security update
2023-04-24 21:26:18
[SECURITY] [DSA 5376-1] apache2 security update
2023-03-20 18:52:41
gentoo
gentoo
Apache HTTPD: Multiple Vulnerabilities
2023-09-08 00:00:00
ibm
ibm
hp
hp
HP Device Manager Security Updates
2023-04-13 00:00:00
ics
ics
Siemens SINEC NMS
2024-02-15 12:00:00
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.6 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.019 Low
EPSS
Percentile
88.5%
Related for ELSA-2023-6403