Описание
ELSA-2021-3856: httpd security update (IMPORTANT)
[2.4.6-97.0.1.1]
- replace index.html with Oracle's index page oracle_index.html
[2.4.6-97.1]
- Resolves: #2011729 - CVE-2021-40438 httpd: mod_proxy: SSRF via a crafted request uri-path containing 'unix:'
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
httpd
2.4.6-97.0.1.el7_9.1
httpd-devel
2.4.6-97.0.1.el7_9.1
httpd-manual
2.4.6-97.0.1.el7_9.1
httpd-tools
2.4.6-97.0.1.el7_9.1
mod_ldap
2.4.6-97.0.1.el7_9.1
mod_proxy_html
2.4.6-97.0.1.el7_9.1
mod_session
2.4.6-97.0.1.el7_9.1
mod_ssl
2.4.6-97.0.1.el7_9.1
Oracle Linux x86_64
httpd
2.4.6-97.0.1.el7_9.1
httpd-devel
2.4.6-97.0.1.el7_9.1
httpd-manual
2.4.6-97.0.1.el7_9.1
httpd-tools
2.4.6-97.0.1.el7_9.1
mod_ldap
2.4.6-97.0.1.el7_9.1
mod_proxy_html
2.4.6-97.0.1.el7_9.1
mod_session
2.4.6-97.0.1.el7_9.1
mod_ssl
2.4.6-97.0.1.el7_9.1
Связанные CVE
Связанные уязвимости
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
A crafted request uri-path can cause mod_proxy to forward the request ...