Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2023-6403

Опубликовано: 11 нояб. 2023
Источник: oracle-oval
Платформа: Oracle Linux 9

Описание

ELSA-2023-6403: httpd and mod_http2 security, bug fix, and enhancement update (MODERATE)

httpd [2.4.57-5.0.1]

  • Replace index.html with Oracle's index page oracle_index.html.

[2.4.57-5]

  • Fix issue found by covscan
  • Related: #2222001

[2.4.57-4]

  • Resolves: #2217726 - Make PROPFIND tolerant of deletion race

[2.4.57-3]

  • Resolves: #2222001 - mod_status lists BusyWorkers IdleWorkers keys twice

[2.4.57-2]

  • Resolves: #2186645 - Fix issue found by covscan in httpd package
  • Resolves: #2173295 - Include Apache httpd module mod_authnz_fcgi

[2.4.57-1]

  • Resolves: #2184403 - rebase httpd to 2.4.57
  • Resolves: #2177753 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy

mod_http2 [1.15.19-5]

  • Resolves: #2177753 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

httpd

2.4.57-5.0.1.el9

httpd-core

2.4.57-5.0.1.el9

httpd-devel

2.4.57-5.0.1.el9

httpd-filesystem

2.4.57-5.0.1.el9

httpd-manual

2.4.57-5.0.1.el9

httpd-tools

2.4.57-5.0.1.el9

mod_http2

1.15.19-5.el9

mod_ldap

2.4.57-5.0.1.el9

mod_lua

2.4.57-5.0.1.el9

mod_proxy_html

2.4.57-5.0.1.el9

mod_session

2.4.57-5.0.1.el9

mod_ssl

2.4.57-5.0.1.el9

Oracle Linux x86_64

httpd

2.4.57-5.0.1.el9

httpd-core

2.4.57-5.0.1.el9

httpd-devel

2.4.57-5.0.1.el9

httpd-filesystem

2.4.57-5.0.1.el9

httpd-manual

2.4.57-5.0.1.el9

httpd-tools

2.4.57-5.0.1.el9

mod_http2

1.15.19-5.el9

mod_ldap

2.4.57-5.0.1.el9

mod_lua

2.4.57-5.0.1.el9

mod_proxy_html

2.4.57-5.0.1.el9

mod_session

2.4.57-5.0.1.el9

mod_ssl

2.4.57-5.0.1.el9

Связанные CVE

CVE-2023-27522

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2023-27522

CVSS3: 7.5
ubuntu
больше 2 лет назад

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.

redhat логотип

CVE-2023-27522

CVSS3: 7.5
redhat
больше 2 лет назад

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.

nvd логотип

CVE-2023-27522

CVSS3: 7.5
nvd
больше 2 лет назад

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.

msrc логотип

CVE-2023-27522

CVSS3: 7.5
msrc
больше 2 лет назад

Описание отсутствует

debian логотип

CVE-2023-27522

CVSS3: 7.5
debian
больше 2 лет назад

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_pr ...

Уязвимость ELSA-2023-6403