Описание
ELSA-2022-9680: httpd security update (IMPORTANT)
[2.4.51-7.0.2]
- mod_proxy: ap_proxy_http_request() to clear hop-by-hop first and fixup last [CVE-2022-31813][Orabug: 34381949]
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
httpd
2.4.51-7.0.2.el9_0
httpd-devel
2.4.51-7.0.2.el9_0
httpd-filesystem
2.4.51-7.0.2.el9_0
httpd-manual
2.4.51-7.0.2.el9_0
httpd-tools
2.4.51-7.0.2.el9_0
mod_ldap
2.4.51-7.0.2.el9_0
mod_lua
2.4.51-7.0.2.el9_0
mod_proxy_html
2.4.51-7.0.2.el9_0
mod_session
2.4.51-7.0.2.el9_0
mod_ssl
2.4.51-7.0.2.el9_0
Oracle Linux x86_64
httpd
2.4.51-7.0.2.el9_0
httpd-devel
2.4.51-7.0.2.el9_0
httpd-filesystem
2.4.51-7.0.2.el9_0
httpd-manual
2.4.51-7.0.2.el9_0
httpd-tools
2.4.51-7.0.2.el9_0
mod_ldap
2.4.51-7.0.2.el9_0
mod_lua
2.4.51-7.0.2.el9_0
mod_proxy_html
2.4.51-7.0.2.el9_0
mod_session
2.4.51-7.0.2.el9_0
mod_ssl
2.4.51-7.0.2.el9_0
Связанные CVE
Связанные уязвимости
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* h ...
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.