Описание
ELSA-2022-9676: httpd security update (IMPORTANT)
[2.2.15-69.0.4]
- mod_proxy: ap_proxy_http_request() to clear hop-by-hop first and fixup last [CVE-2022-31813][Orabug: 34317859]
[2.2.15-69.0.3]
- core: Simpler connection close logic [CVE-2022-22720][Orabug: 33991577]
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
httpd
2.2.15-69.0.4.el6
httpd-devel
2.2.15-69.0.4.el6
httpd-manual
2.2.15-69.0.4.el6
httpd-tools
2.2.15-69.0.4.el6
mod_ssl
2.2.15-69.0.4.el6
Oracle Linux i686
httpd
2.2.15-69.0.4.el6
httpd-devel
2.2.15-69.0.4.el6
httpd-manual
2.2.15-69.0.4.el6
httpd-tools
2.2.15-69.0.4.el6
mod_ssl
2.2.15-69.0.4.el6
Связанные CVE
Связанные уязвимости
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* h ...
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.