ELSA-2022-9682

Published: Aug 10, 2022
Source: oracle-oval
Platform: Oracle Linux 8

Description

ELSA-2022-9682: httpd:2.4 security update (IMPORTANT)

httpd [2.4.37-47.0.2.2]

  • mod_proxy: ap_proxy_http_request() to clear hop-by-hop first and

Updated packages

Oracle Linux 8

Oracle Linux aarch64

Module httpd:2.4 is enabled

  • httpd: 2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2
  • httpd-devel: 2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2
  • httpd-filesystem: 2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2
  • httpd-manual: 2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2
  • httpd-tools: 2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2
  • mod_http2: 1.15.7-5.module+el8.6.0+20548+01710940
  • mod_ldap: 2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2
  • mod_md: 2.0.8-8.module+el8.5.0+20475+4f6a8fd5
  • mod_proxy_html: 2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2
  • mod_session: 2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2
  • mod_ssl: 2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2

Oracle Linux x86_64

Module httpd:2.4 is enabled

  • httpd: 2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2
  • httpd-devel: 2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2
  • httpd-filesystem: 2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2
  • httpd-manual: 2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2
  • httpd-tools: 2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2
  • mod_http2: 1.15.7-5.module+el8.6.0+20548+01710940
  • mod_ldap: 2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2
  • mod_md: 2.0.8-8.module+el8.5.0+20475+4f6a8fd5
  • mod_proxy_html: 2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2
  • mod_session: 2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2
  • mod_ssl: 2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2

Related CVEs

Related vulnerabilities

CVSS3: 9.8
ubuntu
about 3 years ago

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.

CVSS3: 7.3
redhat
about 3 years ago

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.

CVSS3: 9.8
nvd
about 3 years ago

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.

CVSS3: 9.8
debian
about 3 years ago

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* h ...

CVSS3: 9.8
github
about 3 years ago

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.