(RHSA-2024:6136) Important: httpd:2.4 security update

2024-09-0301:08:51

access.redhat.com

httpd

packages

security

update

cve

2024-38476

unix

web server

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

Low

EPSS

0.018

Percentile

88.5%

JSON

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

httpd: Security issues via?backend applications whose response headers are malicious or exploitable (CVE-2024-38476)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyx86_64httpd< 2.4.37-56.module+el8.8.0+22230+712d65df.9httpd-2.4.37-56.module+el8.8.0+22230+712d65df.9.x86_64.rpm
RedHatanyx86_64mod_http2-debuginfo< 1.15.7-8.module+el8.8.0+21773+20528f83.5mod_http2-debuginfo-1.15.7-8.module+el8.8.0+21773+20528f83.5.x86_64.rpm
RedHatanyx86_64mod_ldap< 2.4.37-56.module+el8.8.0+22230+712d65df.9mod_ldap-2.4.37-56.module+el8.8.0+22230+712d65df.9.x86_64.rpm
RedHatanyx86_64mod_proxy_html-debuginfo< 2.4.37-56.module+el8.8.0+22230+712d65df.9mod_proxy_html-debuginfo-2.4.37-56.module+el8.8.0+22230+712d65df.9.x86_64.rpm
RedHatanys390xmod_ldap-debuginfo< 2.4.37-56.module+el8.8.0+22230+712d65df.9mod_ldap-debuginfo-2.4.37-56.module+el8.8.0+22230+712d65df.9.s390x.rpm
RedHatanyppc64lemod_ssl< 2.4.37-56.module+el8.8.0+22230+712d65df.9mod_ssl-2.4.37-56.module+el8.8.0+22230+712d65df.9.ppc64le.rpm
RedHatanyx86_64mod_ssl< 2.4.37-56.module+el8.8.0+22230+712d65df.9mod_ssl-2.4.37-56.module+el8.8.0+22230+712d65df.9.x86_64.rpm
RedHatanyppc64lemod_http2< 1.15.7-8.module+el8.8.0+21773+20528f83.5mod_http2-1.15.7-8.module+el8.8.0+21773+20528f83.5.ppc64le.rpm
RedHatanyppc64lehttpd-tools< 2.4.37-56.module+el8.8.0+22230+712d65df.9httpd-tools-2.4.37-56.module+el8.8.0+22230+712d65df.9.ppc64le.rpm
RedHatanyppc64lemod_ldap-debuginfo< 2.4.37-56.module+el8.8.0+22230+712d65df.9mod_ldap-debuginfo-2.4.37-56.module+el8.8.0+22230+712d65df.9.ppc64le.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	x86_64	httpd	< 2.4.37-56.module+el8.8.0+22230+712d65df.9	httpd-2.4.37-56.module+el8.8.0+22230+712d65df.9.x86_64.rpm
RedHat	any	x86_64	mod_http2-debuginfo	< 1.15.7-8.module+el8.8.0+21773+20528f83.5	mod_http2-debuginfo-1.15.7-8.module+el8.8.0+21773+20528f83.5.x86_64.rpm
RedHat	any	x86_64	mod_ldap	< 2.4.37-56.module+el8.8.0+22230+712d65df.9	mod_ldap-2.4.37-56.module+el8.8.0+22230+712d65df.9.x86_64.rpm
RedHat	any	x86_64	mod_proxy_html-debuginfo	< 2.4.37-56.module+el8.8.0+22230+712d65df.9	mod_proxy_html-debuginfo-2.4.37-56.module+el8.8.0+22230+712d65df.9.x86_64.rpm
RedHat	any	s390x	mod_ldap-debuginfo	< 2.4.37-56.module+el8.8.0+22230+712d65df.9	mod_ldap-debuginfo-2.4.37-56.module+el8.8.0+22230+712d65df.9.s390x.rpm
RedHat	any	ppc64le	mod_ssl	< 2.4.37-56.module+el8.8.0+22230+712d65df.9	mod_ssl-2.4.37-56.module+el8.8.0+22230+712d65df.9.ppc64le.rpm
RedHat	any	x86_64	mod_ssl	< 2.4.37-56.module+el8.8.0+22230+712d65df.9	mod_ssl-2.4.37-56.module+el8.8.0+22230+712d65df.9.x86_64.rpm
RedHat	any	ppc64le	mod_http2	< 1.15.7-8.module+el8.8.0+21773+20528f83.5	mod_http2-1.15.7-8.module+el8.8.0+21773+20528f83.5.ppc64le.rpm
RedHat	any	ppc64le	httpd-tools	< 2.4.37-56.module+el8.8.0+22230+712d65df.9	httpd-tools-2.4.37-56.module+el8.8.0+22230+712d65df.9.ppc64le.rpm
RedHat	any	ppc64le	mod_ldap-debuginfo	< 2.4.37-56.module+el8.8.0+22230+712d65df.9	mod_ldap-debuginfo-2.4.37-56.module+el8.8.0+22230+712d65df.9.ppc64le.rpm