9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
9.6 High
AI Score
Confidence
High
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
0.831 High
EPSS
Percentile
98.4%
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
The following packages have been upgraded to a later upstream version: mod_http2 (1.15.7). (BZ#1814236)
Security Fix(es):
httpd: memory corruption on early pushes (CVE-2019-10081)
httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)
httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)
httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)
httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)
httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)
httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)
httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)
httpd: mod_rewrite potential open redirect (CVE-2019-10098)
httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.
bugzilla.redhat.com/show_bug.cgi?id=1209162
bugzilla.redhat.com/show_bug.cgi?id=1668497
bugzilla.redhat.com/show_bug.cgi?id=1695030
bugzilla.redhat.com/show_bug.cgi?id=1695042
bugzilla.redhat.com/show_bug.cgi?id=1743956
bugzilla.redhat.com/show_bug.cgi?id=1743959
bugzilla.redhat.com/show_bug.cgi?id=1743966
bugzilla.redhat.com/show_bug.cgi?id=1743974
bugzilla.redhat.com/show_bug.cgi?id=1743996
bugzilla.redhat.com/show_bug.cgi?id=1771847
bugzilla.redhat.com/show_bug.cgi?id=1814236
bugzilla.redhat.com/show_bug.cgi?id=1820761
bugzilla.redhat.com/show_bug.cgi?id=1820772
bugzilla.redhat.com/show_bug.cgi?id=1832844
errata.rockylinux.org/RLSA-2020:4751
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
9.6 High
AI Score
Confidence
High
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
0.831 High
EPSS
Percentile
98.4%