History: Apr 25, 2023 - 11:49 a.m.

Advisory ROSA-SA-2023-2159

2023-04-25 11:49:15
ROSA LAB
abf.rosalinux.ru

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.9 High
Confidence: Low

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.689 Medium
Percentile: 98.0%

Software: httpd 2.4.37
OS: ROSA Virtualization 2.1

package_evr_string: 2.4.37

CVE-ID: CVE-2006-20001
BDU-ID: 2023-01105
CVE-Crit: HIGH
CVE-DESC: A vulnerability in the mod_dav module of the Apache HTTP Server web server is related to an operation exceeding buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update httpd command

CVE-ID: CVE-2018-17199
BDU-ID: 2019-01564
CVE-Crit: HIGH
CVE-DESC: A vulnerability in the mod_session module of the Apache HTTP Server web server is related to the lack of session lifetime checking before decoding a session. Exploitation of the vulnerability could allow an attacker acting remotely to impact the integrity of protected data
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update httpd command

CVE-ID: CVE-2020-11984
BDU-ID: 2020-05176
CVE-Crit: CRITICAL
CVE-DESC: A vulnerability in the mod_proxy_uwsgi module of the Apache HTTP Server web server is related to buffer copying without checking the size of the input data. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information, execute arbitrary code, or cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update httpd command.

CVE-ID: CVE-2020-13950
BDU-ID: 2021-06310
CVE-Crit: HIGH
CVE-DESC: A vulnerability in the mod_proxy_http function of the Apache HTTP Server web server is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update httpd command

CVE-ID: CVE-2020-35452
BDU-ID: 2021-03679
CVE-Crit: HIGH
CVE-DESC: A vulnerability in the mod_auth_digest function of the Apache HTTP Server web server is caused by an operation exceeding buffer boundaries on the stack. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, and availability of protected information
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update httpd command

CVE-ID: CVE-2021-26690
BDU-ID: 2021-03681
CVE-Crit: HIGH
CVE-DESC: A vulnerability in the Apache HTTP Server web server is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause the application to crash
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update httpd command.

CVE-ID: CVE-2021-26691
BDU-ID: 2021-03678
CVE-Crit: CRITICAL
CVE-DESC: A vulnerability in the Apache HTTP Server web server is related to heap overflow. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, and availability of protected information
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update httpd command

CVE-ID: CVE-2021-30641
BDU-ID: 2021-03680
CVE-Crit: MEDIUM
CVE-DESC: An Apache HTTP Server web server vulnerability exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to impact the integrity of protected information
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update httpd command

CVE-ID: CVE-2021-33193
BDU-ID: 2021-04216
CVE-Crit: MEDIUM
CVE-DESC: A vulnerability in the mod_proxy module of the Apache HTTP Server web server is related to flaws in HTTP request handling. Exploitation of the vulnerability could allow an attacker acting remotely to send a hidden HTTP request (HTTP Request Smuggling attack).
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update httpd command.

CVE-ID: CVE-2021-34798
BDU-ID: 2021-05873
CVE-Crit: HIGH
CVE-DESC: A vulnerability in the Apache HTTP Server web server is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using specially crafted HTTP requests
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update httpd command

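| OS | Version | Architecture | Package | Version | Filename |
|------|---------|--------------|---------|----------|----------|
| ROSA | any | noarch | httpd | < 2.4.37 | UNKNOWN |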
