Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2022-9276

Опубликовано: 13 апр. 2022
Источник: oracle-oval
Платформа: Oracle Linux 8

Описание

ELSA-2022-9276: httpd:2.4 security update (IMPORTANT)

[2.4.37-43.0.3.3]

  • Resolves: CVE-2021-33193 a crafted method sent through HTTP/2 will bypass validation [Orabug: 33942809]

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

Module httpd:2.4 is enabled

httpd

2.4.37-43.0.3.module+el8.5.0+20624+5d3b49d0.3

httpd-devel

2.4.37-43.0.3.module+el8.5.0+20624+5d3b49d0.3

httpd-filesystem

2.4.37-43.0.3.module+el8.5.0+20624+5d3b49d0.3

httpd-manual

2.4.37-43.0.3.module+el8.5.0+20624+5d3b49d0.3

httpd-tools

2.4.37-43.0.3.module+el8.5.0+20624+5d3b49d0.3

mod_ldap

2.4.37-43.0.3.module+el8.5.0+20624+5d3b49d0.3

mod_proxy_html

2.4.37-43.0.3.module+el8.5.0+20624+5d3b49d0.3

mod_session

2.4.37-43.0.3.module+el8.5.0+20624+5d3b49d0.3

mod_ssl

2.4.37-43.0.3.module+el8.5.0+20624+5d3b49d0.3

Oracle Linux x86_64

Module httpd:2.4 is enabled

httpd

2.4.37-43.0.3.module+el8.5.0+20624+5d3b49d0.3

httpd-devel

2.4.37-43.0.3.module+el8.5.0+20624+5d3b49d0.3

httpd-filesystem

2.4.37-43.0.3.module+el8.5.0+20624+5d3b49d0.3

httpd-manual

2.4.37-43.0.3.module+el8.5.0+20624+5d3b49d0.3

httpd-tools

2.4.37-43.0.3.module+el8.5.0+20624+5d3b49d0.3

mod_ldap

2.4.37-43.0.3.module+el8.5.0+20624+5d3b49d0.3

mod_proxy_html

2.4.37-43.0.3.module+el8.5.0+20624+5d3b49d0.3

mod_session

2.4.37-43.0.3.module+el8.5.0+20624+5d3b49d0.3

mod_ssl

2.4.37-43.0.3.module+el8.5.0+20624+5d3b49d0.3

Связанные CVE

CVE-2021-33193

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2021-33193

CVSS3: 7.5
ubuntu
почти 4 года назад

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.

redhat логотип

CVE-2021-33193

CVSS3: 7.5
redhat
почти 4 года назад

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.

nvd логотип

CVE-2021-33193

CVSS3: 7.5
nvd
почти 4 года назад

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.

debian логотип

CVE-2021-33193

CVSS3: 7.5
debian
почти 4 года назад

A crafted method sent through HTTP/2 will bypass validation and be for ...

suse-cvrf логотип

openSUSE-SU-2021:2954-1

suse-cvrf
почти 4 года назад

Security update for apache2