Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-20325

Опубликовано: 09 нояб. 2021
Источник: redhat
CVSS3: 9

Описание

Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat Enterprise Linux 8.5.0, causes a security regression compared to the versions shipped in Red Hat Enterprise Linux 8.4. A user who installs or updates to Red Hat Enterprise Linux 8.5.0 would be vulnerable to the mentioned CVEs, even if they were properly fixed in Red Hat Enterprise Linux 8.4. CVE-2021-20325 was assigned to that Red Hat specific security regression and it does not affect the upstream versions of httpd.

Отчет

For more details about the original security issues CVE-2021-40438 and CVE-2021-26691, refer to the CVE pages: https://access.redhat.com/security/cve/CVE-2021-40438 and https://access.redhat.com/security/cve/CVE-2021-26691.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6httpdNot affected
Red Hat Enterprise Linux 7httpdNot affected
Red Hat Enterprise Linux 9httpdNot affected
Red Hat JBoss Core Servicesjbcs-httpd24-httpdNot affected
Red Hat Software Collectionshttpd24-httpdNot affected
Red Hat Enterprise Linux 8httpdFixedRHSA-2021:453709.11.2021

Показывать по

Дополнительная информация

Статус:

Important
Дефект:
CWE-787
Дефект:
CWE-918
https://bugzilla.redhat.com/show_bug.cgi?id=2017321httpd: Regression of CVE-2021-40438 and CVE-2021-26691 fixes in Red Hat Enterprise Linux 8.5

9 Critical

CVSS3

Связанные уязвимости

CVSS3: 9.8
ubuntu
больше 3 лет назад

Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat Enterprise Linux 8.5.0, causes a security regression compared to the versions shipped in Red Hat Enterprise Linux 8.4. A user who installs or updates to Red Hat Enterprise Linux 8.5.0 would be vulnerable to the mentioned CVEs, even if they were properly fixed in Red Hat Enterprise Linux 8.4. CVE-2021-20325 was assigned to that Red Hat specific security regression and it does not affect the upstream versions of httpd.

CVSS3: 9.8
nvd
больше 3 лет назад

Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat Enterprise Linux 8.5.0, causes a security regression compared to the versions shipped in Red Hat Enterprise Linux 8.4. A user who installs or updates to Red Hat Enterprise Linux 8.5.0 would be vulnerable to the mentioned CVEs, even if they were properly fixed in Red Hat Enterprise Linux 8.4. CVE-2021-20325 was assigned to that Red Hat specific security regression and it does not affect the upstream versions of httpd.

CVSS3: 9.8
debian
больше 3 лет назад

Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of ...

rocky
больше 3 лет назад

Important: httpd:2.4 security update

CVSS3: 9.8
github
больше 3 лет назад

Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat Enterprise Linux 8.5.0, causes a security regression compared to the versions shipped in Red Hat Enterprise Linux 8.4. A user who installs or updates to Red Hat Enterprise Linux 8.5.0 would be vulnerable to the mentioned CVEs, even if they were properly fixed in Red Hat Enterprise Linux 8.4. CVE-2021-20325 was assigned to that Red Hat specific security regression and it does not affect the upstream versions of httpd.

9 Critical

CVSS3