httpd and mod_http2 security, bug fix, and enhancement update

🗓️ 11 Nov 2023 00:00:00Reported by OracleLinuxType

oraclelinux

oraclelinux🔗 linux.oracle.com👁 54 Views

httpd and mod_http2 security update, bug fix, and enhancemen

Reporter	Title	Published	Views	Family All 354
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2023-25690)	21 Mar 202310:02	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Network Automation 2.6.3 fixes multiple security vulnerabilities	1 Nov 202310:38	–	ibm
IBM Security Bulletins	Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP request splitting attacks due to an error using mod_proxy (CVE-2023-25690).	29 Aug 202321:19	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.0.1	16 Nov 202315:21	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server	31 Aug 202319:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM HTTP Server is vulnerable to HTTP request splitting due to the included Apache HTTP Server (CVE-2023-25690)	4 Apr 202316:02	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2023-25690]	28 Mar 202307:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities	7 Jun 202316:53	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities have been identified in OpenSSL, Apache HTTP Server and other system libraries shipped with the DS8000 Hardware Management Console (HMC)	12 Jul 202311:03	–	ibm
IBM Security Bulletins	Security Bulletin: Cloud Pak System is vulnerable to HTTP request splitting attack.	1 Oct 202419:35	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
oracle linux	9	src	httpd	2.4.57-5.0.1.el9	httpd-2.4.57-5.0.1.el9.src.rpm
oracle linux	9	src	mod_http2	1.15.19-5.el9	mod_http2-1.15.19-5.el9.src.rpm
oracle linux	9	aarch64	httpd	2.4.57-5.0.1.el9	httpd-2.4.57-5.0.1.el9.aarch64.rpm
oracle linux	9	aarch64	httpd-core	2.4.57-5.0.1.el9	httpd-core-2.4.57-5.0.1.el9.aarch64.rpm
oracle linux	9	aarch64	httpd-devel	2.4.57-5.0.1.el9	httpd-devel-2.4.57-5.0.1.el9.aarch64.rpm
oracle linux	9	noarch	httpd-filesystem	2.4.57-5.0.1.el9	httpd-filesystem-2.4.57-5.0.1.el9.noarch.rpm
oracle linux	9	noarch	httpd-manual	2.4.57-5.0.1.el9	httpd-manual-2.4.57-5.0.1.el9.noarch.rpm
oracle linux	9	aarch64	httpd-tools	2.4.57-5.0.1.el9	httpd-tools-2.4.57-5.0.1.el9.aarch64.rpm
oracle linux	9	aarch64	mod_http2	1.15.19-5.el9	mod_http2-1.15.19-5.el9.aarch64.rpm
oracle linux	9	aarch64	mod_ldap	2.4.57-5.0.1.el9	mod_ldap-2.4.57-5.0.1.el9.aarch64.rpm

11 Nov 2023 00:00Current

7.6High risk

Vulners AI Score7.6

CVSS 3.17.5 - 9.8

EPSS0.67011

SSVC

httpd mod_http2 security bug fix enhancement oracle covscan propfind mod_status mod_authnz_fcgi rebase cve-2023-25690 mod_rewrite mod_proxy unix