Описание
ELSA-2022-9675: httpd security update (IMPORTANT)
[2.4.6-97.0.7.5]
- mod_proxy: ap_proxy_http_request() to clear hop-by-hop first and fixup last [CVE-2022-31813][Orabug: 34381850]
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
httpd
2.4.6-97.0.7.el7_9.5
httpd-devel
2.4.6-97.0.7.el7_9.5
httpd-manual
2.4.6-97.0.7.el7_9.5
httpd-tools
2.4.6-97.0.7.el7_9.5
mod_ldap
2.4.6-97.0.7.el7_9.5
mod_proxy_html
2.4.6-97.0.7.el7_9.5
mod_session
2.4.6-97.0.7.el7_9.5
mod_ssl
2.4.6-97.0.7.el7_9.5
Oracle Linux x86_64
httpd
2.4.6-97.0.7.el7_9.5
httpd-devel
2.4.6-97.0.7.el7_9.5
httpd-manual
2.4.6-97.0.7.el7_9.5
httpd-tools
2.4.6-97.0.7.el7_9.5
mod_ldap
2.4.6-97.0.7.el7_9.5
mod_proxy_html
2.4.6-97.0.7.el7_9.5
mod_session
2.4.6-97.0.7.el7_9.5
mod_ssl
2.4.6-97.0.7.el7_9.5
Связанные CVE
Связанные уязвимости
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* h ...
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.