Описание
null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
A flaw was found in the mod_proxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service.
Отчет
As this flaw allows a remote attacker to cause a denial of service, it has been rated with an important severity. This flaw only affects configurations with mod_proxy loaded and being used. This module can be disabled via the configuration file if its functionality is not being used.
Меры по смягчению последствий
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | httpd | Not affected | ||
| Red Hat Enterprise Linux 6 | httpd | Not affected | ||
| Red Hat JBoss Core Services | httpd | Affected | ||
| JBoss Core Services for RHEL 8 | jbcs-httpd24-httpd | Fixed | RHSA-2024:5239 | 13.08.2024 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_http2 | Fixed | RHSA-2024:5239 | 13.08.2024 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_jk | Fixed | RHSA-2024:5239 | 13.08.2024 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_md | Fixed | RHSA-2024:5239 | 13.08.2024 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_proxy_cluster | Fixed | RHSA-2024:5239 | 13.08.2024 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_security | Fixed | RHSA-2024:5239 | 13.08.2024 |
| JBoss Core Services on RHEL 7 | jbcs-httpd24-httpd | Fixed | RHSA-2024:5239 | 13.08.2024 |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and ...
null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Уязвимость модуля mod_proxy веб-сервера Apache HTTP Server, позволяющая нарушителю вызвать отказ в обслуживании
7.5 High
CVSS3