History: Apr 25, 2023 - 11:30 a.m.

Advisory ROSA-SA-2023-2158

2023-04-25 11:30:17
ROSA LAB
abf.rosalinux.ru

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.974 High
Percentile: 99.9%

Software: httpd 2.4.6
OS: rosa-server79

package_evr_string: 2.4.6-98.7

CVE-ID: CVE-2021-40438
BDU-ID: 2021-04820
CVE-Crit: CRITICAL
CVE-DESC: A vulnerability in the mod_proxy module of the Apache HTTP Server web server is related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow an attacker acting remotely to launch an SSRF attack.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update httpd command.

CVE-ID: CVE-2021-44790
BDU-ID: 2021-06392
CVE-Crit: CRITICAL
CVE-DESC: A vulnerability in the Apache HTTP server is related to an operation exceeding the buffer boundary in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by sending a specially crafted HTTP request.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update httpd command.

CVE-ID: CVE-2021-34798
BDU-ID: 2021-05873
CVE-Crit: HIGH
CVE-DESC: A vulnerability in the Apache HTTP Server web server is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using specially crafted HTTP requests.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update httpd command.

CVE-ID: CVE-2021-39275
BDU-ID: 2022-00203
CVE-Crit: CRITICAL
CVE-DESC: A vulnerability in the ap_escape_quotes() function of the Apache HTTP Server web server is related to a lack of input validation in the function. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data, compromise its integrity, and cause denial of service.
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update httpd command.

CVE-ID: CVE-2021-26691
BDU-ID: 2021-03678
CVE-Crit: CRITICAL
CVE-DESC: A vulnerability in the Apache HTTP Server web server is related to heap overflow. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, and availability of protected information.
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update httpd command.

CVE-ID: CVE-2022-22720
BDU-ID: 2022-01456
CVE-Crit: HIGH
CVE-DESC: A vulnerability in the Apache HTTP Server web server is related to flaws in HTTP request handling. Exploitation of the vulnerability could allow an attacker acting remotely to perform an HTTP request smuggling attack.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update httpd command.

CVE-ID: CVE-2023-25690
BDU-ID: 2023-01738
CVE-Crit: CRITICAL
CVE-DESC: A vulnerability in the mod_proxy module of the Apache HTTP Server web server is related to flaws in the handling of the Transfer-Encoding header. Exploitation of the vulnerability could allow an attacker acting remotely to send a stealthy HTTP request (HTTP Request Smuggling attack).
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update httpd command.

OS | Version | Architecture | Package | Version | Filename
rosa | any | noarch | httpd | < 2.4.6 | UNKNOWN
