exploitDog

ELSA-2021-9545

Опубликовано: 11 нояб. 2021

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2021-9545: httpd:2.4 security update (IMPORTANT)

httpd [2.4.37-39.0.2.1]

mod_session: save one apr_strtok() [Orabug: 33338149][CVE-2021-26690]

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

Module httpd:2.4 is enabled

httpd

2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1

httpd-devel

2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1

httpd-filesystem

2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1

httpd-manual

2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1

httpd-tools

2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1

mod_http2

1.15.7-3.module+el8.4.0+20024+b87b2deb

mod_ldap

2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1

mod_md

2.0.8-8.module+el8.3.0+7816+49791cfd

mod_proxy_html

2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1

mod_session

2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1

mod_ssl

2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1

Oracle Linux x86_64

Module httpd:2.4 is enabled

httpd

2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1

httpd-devel

2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1

httpd-filesystem

2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1

httpd-manual

2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1

httpd-tools

2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1

mod_http2

1.15.7-3.module+el8.4.0+20024+b87b2deb

mod_ldap

2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1

mod_md

2.0.8-8.module+el8.3.0+7816+49791cfd

mod_proxy_html

2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1

mod_session

2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1

mod_ssl

2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1

Связанные CVE

Ссылки на источники

Связанные уязвимости

CVE-2021-26690

CVSS3: 7.5

ubuntu

около 4 лет назад

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service

CVE-2021-26690

CVSS3: 7.5

redhat

около 4 лет назад

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service

CVE-2021-26690

CVSS3: 7.5

nvd

около 4 лет назад

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service

CVE-2021-26690

CVSS3: 7.5

msrc

около 4 лет назад

Описание отсутствует

CVE-2021-26690

CVSS3: 7.5

debian

около 4 лет назад

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie ...