For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

httpd-init fails to create localhost.crt, localhost.key due to “sscg” default now creates a /dhparams.pem and is not idempotent if the file /dhparams.pem already exists. (BZ#2165975)

References

access.redhat.com/errata/RHSA-2023:0970

access.redhat.com/security/cve/CVE-2006-20001

access.redhat.com/security/cve/CVE-2022-36760

access.redhat.com/security/cve/CVE-2022-37436

bugzilla.redhat.com/2161773

bugzilla.redhat.com/2161774

bugzilla.redhat.com/2161777

errata.almalinux.org/9/ALSA-2023-0970.html

altlinux 2

nessus 59

openvas 34

oraclelinux 2

ubuntu 3

almalinux 2

osv 13

redhat 6

freebsd 1

fedora 2

kaspersky 1

rocky 2

redos 1

amazon 2

mageia 1

slackware 1

debian 2

ibm 13

gentoo 1

photon 2

prion 3

veracode 3

cvelist 3

vulnrichment 1

redhatcve 3

cloudlinux 2

cve 3

f5 3

nvd 3

ubuntucve 3

alpinelinux 3

cnvd 1

debiancve 3

cbl_mariner 4

broadcom 2

rosalinux 2

hp 1

qualysblog 1

ics 1

oracle 3

altlinux

Security fix for the ALT Linux 9 package apache2 version 1:2.4.55-alt1

2023-02-16 00:00:00

Security fix for the ALT Linux 10 package apache2 version 1:2.4.55-alt1

2023-02-07 00:00:00

nessus

RHEL 9 : httpd (RHSA-2023:0970)

2023-02-28 00:00:00

Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current httpd Multiple Vulnerabilities (SSA:2023-018-02)

2023-01-18 00:00:00

AlmaLinux 9 : httpd (ALSA-2023:0970)

2023-02-28 00:00:00

openvas

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2240)

2023-06-12 00:00:00

Fedora: Security Advisory for httpd (FEDORA-2023-f6ff3f85eb)

2023-01-29 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:0321-1)

2023-02-10 00:00:00

oraclelinux

httpd:2.4 security and bug fix update

2023-02-22 00:00:00

httpd security and bug fix update

2023-02-28 00:00:00

ubuntu

Apache HTTP Server vulnerabilities

2023-02-01 00:00:00

Apache HTTP Server vulnerabilities

2023-01-31 00:00:00

Apache HTTP Server vulnerability

2023-02-02 00:00:00

almalinux

Moderate: httpd:2.4 security and bug fix update

2023-02-21 00:00:00

Moderate: httpd security and bug fix update

2023-02-28 00:00:00

osv

Moderate: httpd:2.4 security and bug fix update

2023-02-21 00:00:00

apache2 vulnerabilities

2023-02-01 13:09:22

Moderate: httpd:2.4 security and bug fix update

2023-02-22 01:08:53

redhat

(RHSA-2023:0852) Moderate: httpd:2.4 security and bug fix update

2023-02-21 08:48:58

(RHSA-2023:0970) Moderate: httpd security and bug fix update

2023-02-28 07:53:34

(RHSA-2023:4629) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update

2023-08-15 17:35:29

freebsd

Apache httpd -- Multiple vulnerabilities

2023-01-17 00:00:00

fedora

[SECURITY] Fedora 36 Update: httpd-2.4.55-1.fc36

2023-02-03 01:42:01

[SECURITY] Fedora 37 Update: httpd-2.4.55-1.fc37

2023-01-28 01:27:38

kaspersky

KLA20167 Multiple vulnerabilities in Apache HTTP Server

2023-01-17 00:00:00

rocky

httpd security and bug fix update

2023-04-06 15:53:36

httpd:2.4 security and bug fix update

2023-02-22 01:08:53

redos

ROS-20240603-04

2024-06-03 00:00:00

amazon

Important: httpd

2023-02-17 00:10:00

Important: httpd24

2023-03-17 15:53:00

mageia

Updated apache packages fix security vulnerability

2023-02-07 03:06:39

slackware

[slackware-security] httpd

2023-01-18 06:23:09

debian

[SECURITY] [DLA 3351-1] apache2 security update

2023-03-03 16:35:17

[SECURITY] [DSA 5376-1] apache2 security update

2023-03-20 18:52:17

ibm

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP response splitting and denial of service attacks (CVE-2022-37436, CVE-2006-20001)

2023-04-19 15:11:52

Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2022-36760 and CVE-2022-37436 ) affects Power HMC

2023-06-20 09:31:46

Security Bulletin: Multiple security vulnerabilities has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2022-25147, CVE-2006-20001]

2023-03-03 06:30:57

gentoo

Apache HTTPD: Multiple Vulnerabilities

2023-09-08 00:00:00

photon

Critical Photon OS Security Update - PHSA-2023-3.0-0522

2023-01-31 00:00:00

Critical Photon OS Security Update - PHSA-2023-4.0-0325

2023-02-01 00:00:00

prion

Design/Logic Flaw

2023-01-17 20:15:00

Design/Logic Flaw

2023-01-17 20:15:00

Code injection

2023-01-17 20:15:00

veracode

Denial Of Service (DoS)

2023-01-20 06:55:49

HTTP Response Splitting

2023-01-21 12:15:11

HTTP Request Smuggling

2023-01-23 12:46:08

cvelist

CVE-2006-20001 Apache HTTP Server: mod_dav out of bounds read, or write of zero byte

2023-01-17 19:07:27

CVE-2022-37436 Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting

2023-01-17 19:12:59

CVE-2022-36760 Apache HTTP Server: mod_proxy_ajp Possible request smuggling

2023-01-17 19:11:55

vulnrichment

CVE-2006-20001 Apache HTTP Server: mod_dav out of bounds read, or write of zero byte

2023-01-17 19:07:27

redhatcve

CVE-2006-20001

2023-01-18 19:05:06

CVE-2022-37436

2023-01-18 19:05:38

CVE-2022-36760

2023-01-18 19:05:48

cloudlinux

httpd: Fix of CVE-2006-20001

2023-03-06 21:06:33

httpd: Fix of CVE-2022-36760

2023-01-30 20:52:19

cve

CVE-2006-20001

2023-01-17 20:15:11

CVE-2022-37436

2023-01-17 20:15:11

CVE-2022-36760

2023-01-17 20:15:11

K000132525 : Apache vulnerability CVE-2006-20001

2023-02-14 00:00:00

K000132643 : Apache HTTP server vulnerability CVE-2022-36760

2023-02-22 00:00:00

K000132665 : Apache HTTPD vulnerability CVE-2022-37436

2023-02-22 00:00:00

nvd

CVE-2006-20001

2023-01-17 20:15:11

CVE-2022-37436

2023-01-17 20:15:11

CVE-2022-36760

2023-01-17 20:15:11

ubuntucve

CVE-2006-20001

2023-01-17 00:00:00

CVE-2022-36760

2023-01-17 00:00:00

CVE-2022-37436

2023-01-17 00:00:00

alpinelinux

CVE-2006-20001

2023-01-17 20:15:11

CVE-2022-36760

2023-01-17 20:15:11

CVE-2022-37436

2023-01-17 20:15:11

cnvd

Apache HTTP Server Buffer Overflow Vulnerability (CNVD-2023-80558)

2023-10-19 00:00:00

debiancve

CVE-2006-20001

2023-01-17 20:15:11

CVE-2022-37436

2023-01-17 20:15:11

CVE-2022-36760

2023-01-17 20:15:11

cbl_mariner

CVE-2022-37436 affecting package httpd for versions less than 2.4.55-1

2023-02-14 20:36:06

CVE-2022-37436 affecting package httpd 2.4.54-1

2023-02-14 02:35:58

CVE-2022-36760 affecting package httpd 2.4.54-1

2023-02-14 02:35:58

broadcom

mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting

2023-06-12 00:00:00

CVE-2022-36760 - HTTP Request Smuggling

2023-05-02 00:00:00

rosalinux

Advisory ROSA-SA-2023-2161

2023-05-03 11:17:19

Advisory ROSA-SA-2023-2159

2023-04-25 11:49:15

HP Device Manager Security Updates

2023-04-13 00:00:00

qualysblog

Oracle Patch Tuesday April 2023 Security Update Review

2023-04-19 11:47:21

ics

Siemens SCALANCE XCM-/XRM-300

2024-02-15 12:00:00

oracle

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.023

Percentile

90.0%

JSON

Related for OSV:ALSA-2023:0970