httpd and mod_http2 security update

🗓️ 12 Apr 2023 01:41:37Reported by Rockylinux Product ErrataType

httpd and mod_http2 security update affecting Rocky Linux 9. The update fixes HTTP request splitting vulnerability with mod_rewrite and mod_proxy

Reporter	Title	Published	Views	Family All 276
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2023-25690)	21 Mar 202310:02	–	ibm
IBM Security Bulletins	Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP request splitting attacks due to an error using mod_proxy (CVE-2023-25690).	29 Aug 202321:19	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server	31 Aug 202319:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM HTTP Server is vulnerable to HTTP request splitting due to the included Apache HTTP Server (CVE-2023-25690)	4 Apr 202316:02	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2023-25690]	28 Mar 202307:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities	7 Jun 202316:53	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities have been identified in OpenSSL, Apache HTTP Server and other system libraries shipped with the DS8000 Hardware Management Console (HMC)	12 Jul 202311:03	–	ibm
IBM Security Bulletins	Security Bulletin: Cloud Pak System is vulnerable to HTTP request splitting attack.	1 Oct 202419:35	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On uses IBM HTTP Server that is vulnerable to HTTP request splitting (CVE-2023-25690)	29 Mar 202304:38	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for April 2023	28 Apr 202314:09	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Rocky Linux	9	aarch64	httpd	0:2.4.53-7.el9_1.5	httpd-0:2.4.53-7.el9_1.5.aarch64.rpm
Rocky Linux	9	ppc64le	httpd	0:2.4.53-7.el9_1.5	httpd-0:2.4.53-7.el9_1.5.ppc64le.rpm
Rocky Linux	9	s390x	httpd	0:2.4.53-7.el9_1.5	httpd-0:2.4.53-7.el9_1.5.s390x.rpm
Rocky Linux	9	x86_64	httpd	0:2.4.53-7.el9_1.5	httpd-0:2.4.53-7.el9_1.5.x86_64.rpm
Rocky Linux	9	aarch64	httpd-core	0:2.4.53-7.el9_1.5	httpd-core-0:2.4.53-7.el9_1.5.aarch64.rpm
Rocky Linux	9	ppc64le	httpd-core	0:2.4.53-7.el9_1.5	httpd-core-0:2.4.53-7.el9_1.5.ppc64le.rpm
Rocky Linux	9	s390x	httpd-core	0:2.4.53-7.el9_1.5	httpd-core-0:2.4.53-7.el9_1.5.s390x.rpm
Rocky Linux	9	x86_64	httpd-core	0:2.4.53-7.el9_1.5	httpd-core-0:2.4.53-7.el9_1.5.x86_64.rpm
Rocky Linux	9	aarch64	httpd-core-debuginfo	0:2.4.53-7.el9_1.5	httpd-core-debuginfo-0:2.4.53-7.el9_1.5.aarch64.rpm
Rocky Linux	9	ppc64le	httpd-core-debuginfo	0:2.4.53-7.el9_1.5	httpd-core-debuginfo-0:2.4.53-7.el9_1.5.ppc64le.rpm

12 Apr 2023 01:41Current

9.3High risk

Vulners AI Score9.3

CVSS 3.19.8

EPSS0.67011

SSVC