CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS2: 6 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P

EPSS: 0.831 High
Percentile: 98.3%

The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module.
Security Fix(es):
httpd: mod_session_cookie does not respect expiry time (CVE-2018-17199)
httpd: mod_auth_digest: access control bypass due to race condition (CVE-2019-0217)
httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)
httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)
httpd: URL normalization inconsistency (CVE-2019-0220)
httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
ExtendedStatus Off directive when using mod_systemd causes systemctl to hang (BZ#1669213)
httpd can not be started with mod_md enabled (BZ#1673019)
Rebuild metapackage with latest scl-utils (BZ#1696527)
fix a regression introduced in r1740928 (BZ#1707636)
duplicated cookie in Apache httpd with mod_session (BZ#1725922)
Unexpected OCSP in proxy SSL connection (BZ#1744120)
Enhancement(s):
Additional Changes:
For detailed information on changes in this release, see the Red Hat Software Collections 3.4 Release Notes linked from the References section.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | ppc64le | httpd24-mod_proxy_html | < 2.4.34-15.el7 | httpd24-mod_proxy_html-2.4.34-15.el7.ppc64le.rpm |
RedHat | 7 | s390x | httpd24-mod_session | < 2.4.34-15.el7 | httpd24-mod_session-2.4.34-15.el7.s390x.rpm |
RedHat | 7 | aarch64 | httpd24-httpd-devel | < 2.4.34-15.el7 | httpd24-httpd-devel-2.4.34-15.el7.aarch64.rpm |
RedHat | 7 | ppc64le | httpd24-mod_ldap | < 2.4.34-15.el7 | httpd24-mod_ldap-2.4.34-15.el7.ppc64le.rpm |
RedHat | 7 | s390x | httpd24-mod_ldap | < 2.4.34-15.el7 | httpd24-mod_ldap-2.4.34-15.el7.s390x.rpm |
RedHat | 7 | ppc64le | httpd24-nghttp2-debuginfo | < 1.7.1-8.el7 | httpd24-nghttp2-debuginfo-1.7.1-8.el7.ppc64le.rpm |
RedHat | 6 | x86_64 | httpd24-httpd-tools | < 2.4.34-15.el6 | httpd24-httpd-tools-2.4.34-15.el6.x86_64.rpm |
RedHat | 7 | ppc64le | httpd24-httpd | < 2.4.34-15.el7 | httpd24-httpd-2.4.34-15.el7.ppc64le.rpm |
RedHat | 7 | x86_64 | httpd24-httpd-debuginfo | < 2.4.34-15.el7 | httpd24-httpd-debuginfo-2.4.34-15.el7.x86_64.rpm |
RedHat | 7 | x86_64 | httpd24-nghttp2 | < 1.7.1-8.el7 | httpd24-nghttp2-1.7.1-8.el7.x86_64.rpm |