Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:1316
HistoryMar 18, 2024 - 4:18 p.m.

(RHSA-2024:1316) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP3 security update

2024-03-1816:18:02
access.redhat.com
22
red hat jboss core services
apache http server
security update
cve-2023-46218
cve-2023-46219
cve-2023-31122
cve-2023-6710
cve-2023-5678
unix

6.5 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.8%

JSON

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.

Security Fix(es):

  • curl: information disclosure by exploiting a mixed case flaw (CVE-2023-46218)
  • curl: excessively long file name may lead to unknown HSTS status (CVE-2023-46219)
  • httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122)
  • jbcs-httpd24-mod_proxy_cluster: mod_cluster/mod_proxy_cluster: Stored Cross site Scripting (CVE-2023-6710)
  • jbcs-httpd24-openssl: openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (CVE-2023-5678)

A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7x86_64jbcs-httpd24-curl< 8.6.0-3.el7jbcsjbcs-httpd24-curl-8.6.0-3.el7jbcs.x86_64.rpm
RedHat8x86_64jbcs-httpd24-mod_md< 2.4.24-4.el8jbcsjbcs-httpd24-mod_md-2.4.24-4.el8jbcs.x86_64.rpm
RedHat8x86_64jbcs-httpd24-mod_security< 2.9.3-34.el8jbcsjbcs-httpd24-mod_security-2.9.3-34.el8jbcs.x86_64.rpm
RedHat8x86_64jbcs-httpd24-apr-util-odbc-debuginfo< 1.6.1-104.el8jbcsjbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-104.el8jbcs.x86_64.rpm
RedHat7noarchjbcs-httpd24-httpd-manual< 2.4.57-9.el7jbcsjbcs-httpd24-httpd-manual-2.4.57-9.el7jbcs.noarch.rpm
RedHat8x86_64jbcs-httpd24-apr-util< 1.6.1-104.el8jbcsjbcs-httpd24-apr-util-1.6.1-104.el8jbcs.x86_64.rpm
RedHat8x86_64jbcs-httpd24-libcurl-debuginfo< 8.6.0-3.el8jbcsjbcs-httpd24-libcurl-debuginfo-8.6.0-3.el8jbcs.x86_64.rpm
RedHat7x86_64jbcs-httpd24-apr-util-openssl< 1.6.1-104.el7jbcsjbcs-httpd24-apr-util-openssl-1.6.1-104.el7jbcs.x86_64.rpm
RedHat8x86_64jbcs-httpd24-openssl-chil< 1.0.0-20.el8jbcsjbcs-httpd24-openssl-chil-1.0.0-20.el8jbcs.x86_64.rpm
RedHat8x86_64jbcs-httpd24-openssl-libs< 1.1.1k-17.el8jbcsjbcs-httpd24-openssl-libs-1.1.1k-17.el8jbcs.x86_64.rpm
Rows per page:
1-10 of 1021

Related

nessus 50
redhat 5
mageia 1
openvas 42
cloudfoundry 1
debian 1
fedora 5
amazon 2
osv 14
ubuntu 3
photon 2
ibm 6
cve 4
debiancve 3
cgr 3
prion 4
cbl_mariner 6
alpinelinux 3
veracode 4
redhatcve 5
ubuntucve 3
nvd 4
f5 3
cvelist 4
oraclelinux 2
githubexploit 2
packetstorm 1
rosalinux 1
almalinux 2
rocky 1
zdt 1
hackerone 3
wolfi 2
exploitdb 1
aix 1
redos 2
cnvd 1
openssl 1
nessus
nessus
RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP3 (RHSA-2024:1316)
2024-03-18 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : curl vulnerabilities (USN-6535-1)
2023-12-06 00:00:00
EulerOS Virtualization 2.10.0 : curl (EulerOS-SA-2024-1524)
2024-04-19 00:00:00
redhat
redhat
(RHSA-2024:1317) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP3 security update
2024-03-18 16:18:09
(RHSA-2024:1129) Moderate: curl security update
2024-03-05 15:32:04
(RHSA-2024:2278) Moderate: httpd security update
2024-04-30 06:15:15
mageia
mageia
Updated curl packages fix security vulnerabilities
2023-12-13 21:32:37
openvas
openvas
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1310)
2024-03-13 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:4653-1)
2023-12-07 00:00:00
Mageia: Security Advisory (MGASA-2023-0345)
2023-12-14 00:00:00
cloudfoundry
cloudfoundry
USN-6535-1: curl vulnerabilities | Cloud Foundry
2024-03-18 00:00:00
debian
debian
[SECURITY] [DSA 5587-1] curl security update
2023-12-23 19:13:59
fedora
fedora
[SECURITY] Fedora 38 Update: curl-8.0.1-6.fc38
2023-12-15 02:19:17
[SECURITY] Fedora 39 Update: curl-8.2.1-4.fc39
2023-12-10 01:37:35
[SECURITY] Fedora 38 Update: httpd-2.4.58-1.fc38
2023-10-24 01:23:53
amazon
amazon
Low: curl
2024-01-03 21:04:00
Medium: curl
2024-04-24 22:15:00
osv
osv
curl vulnerabilities
2023-12-06 12:11:58
CVE-2023-46219
2023-12-12 02:15:06
HSTS long filename clears contents
2023-12-06 08:00:00
ubuntu
ubuntu
curl vulnerabilities
2023-12-06 00:00:00
Apache HTTP Server vulnerability
2023-11-23 00:00:00
curl vulnerability
2024-02-19 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2024-4.0-0623
2024-06-04 00:00:00
Moderate Photon OS Security Update - PHSA-2024-5.0-0280
2024-05-28 00:00:00
ibm
ibm
Security Bulletin: PowerSC is vulnerable to security restrictions bypass due to Curl (CVE-2023-46218, CVE-2023-46219, CVE-2024-0853)
2024-03-20 18:41:31
Security Bulletin: IBM MaaS360 Cloud Extender Agent, Configuration Utility, Email Notification, Real Time Action and Base Module affected by multiple vulnerabilities (CVE-2023-46219, CVE-2023-46218, CVE-2023-52071, CVE-2024-0853)
2024-04-30 20:47:10
Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2023-31122]
2024-03-06 06:45:04
cve
cve
CVE-2023-46219
2023-12-12 02:15:06
CVE-2023-6710
2023-12-12 22:15:22
CVE-2023-31122
2023-10-23 07:15:11
debiancve
debiancve
CVE-2023-46219
2023-12-12 02:15:06
CVE-2023-31122
2023-10-23 07:15:11
CVE-2023-46218
2023-12-07 01:15:07
cgr
cgr
CVE-2023-46219 vulnerabilities
2024-05-19 03:07:16
CVE-2023-5678 vulnerabilities
2024-05-19 03:07:16
CVE-2023-46218 vulnerabilities
2024-05-19 03:07:16
prion
prion
Code injection
2023-12-12 02:15:00
Cross site scripting
2023-12-12 22:15:00
Code injection
2023-12-07 01:15:00
cbl_mariner
cbl_mariner
CVE-2023-46219 affecting package curl for versions less than 8.5.0-1
2024-01-14 22:46:30
CVE-2023-46218 affecting package mysql for versions less than 8.0.35-2
2024-01-14 22:46:30
CVE-2023-5678 affecting package openssl for versions less than 1.1.1k-28
2024-05-17 21:38:35
alpinelinux
alpinelinux
CVE-2023-46219
2023-12-12 02:15:06
CVE-2023-31122
2023-10-23 07:15:11
CVE-2023-46218
2023-12-07 01:15:07
veracode
veracode
Missing Encryption Of Sensitive Data
2023-12-08 01:03:15
Cookie Mixed Case PSL Bypass
2023-12-08 01:03:15
Out-of-bounds Read
2023-10-20 06:57:49
redhatcve
redhatcve
CVE-2023-46219
2023-12-06 09:47:45
CVE-2023-46218
2023-12-06 09:47:42
CVE-2023-6710
2023-12-12 06:27:11
ubuntucve
ubuntucve
CVE-2023-46219
2023-12-06 00:00:00
CVE-2023-31122
2023-10-23 00:00:00
CVE-2023-46218
2023-12-06 00:00:00
nvd
nvd
CVE-2023-46219
2023-12-12 02:15:06
CVE-2023-31122
2023-10-23 07:15:11
CVE-2023-6710
2023-12-12 22:15:22
f5
f5
K000138641 : cURL vulnerability CVE-2023-46219
2024-02-17 00:00:00
K000137326 : Apache mod_macro vulnerability CVE-2023-31122
2023-10-23 00:00:00
K000138650 : cURL vulnerability CVE-2023-46218
2024-02-21 00:00:00
cvelist
cvelist
CVE-2023-46219
2023-12-12 01:38:41
CVE-2023-31122 Apache HTTP Server: mod_macro buffer over-read
2023-10-23 06:51:59
CVE-2023-6710 Mod_cluster/mod_proxy_cluster: stored cross site scripting
2023-12-12 22:01:34
oraclelinux
oraclelinux
httpd security update
2024-05-03 00:00:00
curl security update
2024-03-06 00:00:00
githubexploit
githubexploit
Exploit for Cross-site Scripting in Modcluster Mod Proxy Cluster
2023-12-25 09:50:23
Exploit for Cross-site Scripting in Modcluster Mod Proxy Cluster
2023-12-25 09:40:31
packetstorm
packetstorm
Apache mod_proxy_cluster Cross Site Scripting
2024-05-14 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2326
2024-01-23 12:20:08
almalinux
almalinux
Moderate: httpd security update
2024-04-30 00:00:00
Moderate: curl security update
2024-03-05 00:00:00
rocky
rocky
httpd security update
2024-05-10 14:32:42
zdt
zdt
Apache mod_proxy_cluster - Stored XSS Exploit
2024-05-13 00:00:00
hackerone
hackerone
curl: CVE-2023-46219: HSTS long file name clears contents
2023-11-02 00:51:08
Internet Bug Bounty: curl cookie mixed case PSL bypass
2023-12-06 12:00:29
curl: CVE-2023-46218: cookie mixed case PSL bypass
2023-10-16 18:28:56
wolfi
wolfi
CVE-2023-46219 vulnerabilities
2024-06-24 09:08:26
CVE-2023-46218 vulnerabilities
2024-06-24 09:08:26
exploitdb
exploitdb
Apache mod_proxy_cluster - Stored XSS
2024-05-13 00:00:00
aix
aix
AIX is vulnerable to security restrictions bypass due to cURL libcurl (CVE-2023-46218)
2024-03-06 15:05:06
redos
redos
ROS-20240328-11
2024-03-28 00:00:00
ROS-20231030-01
2023-10-30 00:00:00
cnvd
cnvd
Apache HTTP Server Buffer Overflow Vulnerability (CNVD-2023-93320)
2023-10-28 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2023-5678
2023-11-06 00:00:00

6.5 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.8%

JSON
Related for RHSA-2024:1316
nessus50redhat5mageia1openvas42cloudfoundry1debian1fedora5amazon2osv14ubuntu3photon2ibm6cve4debiancve3cgr3prion4cbl_mariner6alpinelinux3veracode4redhatcve5ubuntucve3nvd4f53cvelist4oraclelinux2githubexploit2packetstorm1rosalinux1almalinux2rocky1zdt1hackerone3wolfi2exploitdb1aix1redos2cnvd1openssl1