httpd security update

🗓️ 09 Jan 2026 00:00:00Reported by OracleLinuxType

Httpd security updates fix multiple CVEs across versions, add trusted sources checks, proxy hostname validation, and Oracle index page replacement.

Reporter	Title	Published	Views	Family All 2211
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2023-25690)	21 Mar 202310:02	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server	25 Jul 202215:18	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in IBM HTTP Server used by WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2021-39275)	1 Oct 202102:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-31618, CVE-2020-13950, CVE-2019-17567, CVE-2020-26691, CVE-2021-26690, CVE-2020-13938, CVE-2021-30641, CVE-2020-35452)	29 Apr 202502:10	–	ibm
IBM Security Bulletins	Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP request splitting attacks due to an error using mod_proxy (CVE-2023-25690).	29 Aug 202321:19	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in httpd library (CVE-2025-58098, CVE-2025-65082, CVE-2025-66200) affect Power HMC.	31 Mar 202615:34	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.0.1	16 Nov 202315:21	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server	31 Aug 202319:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities	15 Apr 202503:18	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2024-38475) affects Power HMC.	28 Jan 202522:08	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
oracle linux	7	src	httpd	2.4.6-99.0.9.el7_9.1	httpd-2.4.6-99.0.9.el7_9.1.src.rpm
oracle linux	7	x86_64	httpd	2.4.6-99.0.9.el7_9.1	httpd-2.4.6-99.0.9.el7_9.1.x86_64.rpm
oracle linux	7	x86_64	httpd-devel	2.4.6-99.0.9.el7_9.1	httpd-devel-2.4.6-99.0.9.el7_9.1.x86_64.rpm
oracle linux	7	noarch	httpd-manual	2.4.6-99.0.9.el7_9.1	httpd-manual-2.4.6-99.0.9.el7_9.1.noarch.rpm
oracle linux	7	x86_64	httpd-tools	2.4.6-99.0.9.el7_9.1	httpd-tools-2.4.6-99.0.9.el7_9.1.x86_64.rpm
oracle linux	7	x86_64	mod_ldap	2.4.6-99.0.9.el7_9.1	mod_ldap-2.4.6-99.0.9.el7_9.1.x86_64.rpm
oracle linux	7	x86_64	mod_proxy_html	2.4.6-99.0.9.el7_9.1	mod_proxy_html-2.4.6-99.0.9.el7_9.1.x86_64.rpm
oracle linux	7	x86_64	mod_session	2.4.6-99.0.9.el7_9.1	mod_session-2.4.6-99.0.9.el7_9.1.x86_64.rpm
oracle linux	7	x86_64	mod_ssl	2.4.6-99.0.9.el7_9.1	mod_ssl-2.4.6-99.0.9.el7_9.1.x86_64.rpm

09 Jan 2026 00:00Current

7.2High risk

Vulners AI Score7.2

CVSS 3.18.3

EPSS0.93858

SSVC