RHSA-2020:2644

Description

Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update

CVSS Metrics

• v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Systems

• redhat•jbcs-httpd24-curl

  < 0:7.64.1-36.jbcs.el6 | < 0:7.64.1-36.jbcs.el7

• redhat•jbcs-httpd24-curl-debuginfo

  < 0:7.64.1-36.jbcs.el6 | < 0:7.64.1-36.jbcs.el7

• redhat•jbcs-httpd24-httpd

  < 0:2.4.37-57.jbcs.el6 | < 0:2.4.37-57.jbcs.el7

• redhat•jbcs-httpd24-httpd-debuginfo

  < 0:2.4.37-57.jbcs.el6 | < 0:2.4.37-57.jbcs.el7

• redhat•jbcs-httpd24-httpd-devel

  < 0:2.4.37-57.jbcs.el6 | < 0:2.4.37-57.jbcs.el7

• redhat•jbcs-httpd24-httpd-manual

  < 0:2.4.37-57.jbcs.el6 | < 0:2.4.37-57.jbcs.el7

• redhat•jbcs-httpd24-httpd-selinux

  < 0:2.4.37-57.jbcs.el6 | < 0:2.4.37-57.jbcs.el7

• redhat•jbcs-httpd24-httpd-tools

  < 0:2.4.37-57.jbcs.el6 | < 0:2.4.37-57.jbcs.el7

• redhat•jbcs-httpd24-libcurl

  < 0:7.64.1-36.jbcs.el6 | < 0:7.64.1-36.jbcs.el7

• redhat•jbcs-httpd24-libcurl-devel

  < 0:7.64.1-36.jbcs.el6 | < 0:7.64.1-36.jbcs.el7

• redhat•jbcs-httpd24-mod_cluster-native

  < 0:1.3.14-4.Final_redhat_2.jbcs.el6 | < 0:1.3.14-4.Final_redhat_2.jbcs.el7

• redhat•jbcs-httpd24-mod_cluster-native-debuginfo

  < 0:1.3.14-4.Final_redhat_2.jbcs.el6 | < 0:1.3.14-4.Final_redhat_2.jbcs.el7

• redhat•jbcs-httpd24-mod_http2

  < 0:1.15.7-3.jbcs.el6 | < 0:1.15.7-3.jbcs.el7

• redhat•jbcs-httpd24-mod_http2-debuginfo

  < 0:1.15.7-3.jbcs.el6 | < 0:1.15.7-3.jbcs.el7

• redhat•jbcs-httpd24-mod_jk

  < 0:1.2.48-4.redhat_1.jbcs.el6 | < 0:1.2.48-4.redhat_1.jbcs.el7

• redhat•jbcs-httpd24-mod_jk-ap24

  < 0:1.2.48-4.redhat_1.jbcs.el6 | < 0:1.2.48-4.redhat_1.jbcs.el7

• redhat•jbcs-httpd24-mod_jk-debuginfo

  < 0:1.2.48-4.redhat_1.jbcs.el6 | < 0:1.2.48-4.redhat_1.jbcs.el7

• redhat•jbcs-httpd24-mod_jk-manual

  < 0:1.2.48-4.redhat_1.jbcs.el6 | < 0:1.2.48-4.redhat_1.jbcs.el7

• redhat•jbcs-httpd24-mod_ldap

  < 0:2.4.37-57.jbcs.el6 | < 0:2.4.37-57.jbcs.el7

• redhat•jbcs-httpd24-mod_md

  < 1:2.0.8-24.jbcs.el6 | < 1:2.0.8-24.jbcs.el7

• redhat•jbcs-httpd24-mod_md-debuginfo

  < 1:2.0.8-24.jbcs.el6 | < 1:2.0.8-24.jbcs.el7

• redhat•jbcs-httpd24-mod_proxy_html

  < 1:2.4.37-57.jbcs.el6 | < 1:2.4.37-57.jbcs.el7

• redhat•jbcs-httpd24-mod_security

  < 0:2.9.2-51.GA.jbcs.el6 | < 0:2.9.2-51.GA.jbcs.el7

• redhat•jbcs-httpd24-mod_security-debuginfo

  < 0:2.9.2-51.GA.jbcs.el6 | < 0:2.9.2-51.GA.jbcs.el7

• redhat•jbcs-httpd24-mod_session

  < 0:2.4.37-57.jbcs.el6 | < 0:2.4.37-57.jbcs.el7

• redhat•jbcs-httpd24-mod_ssl

  < 1:2.4.37-57.jbcs.el6 | < 1:2.4.37-57.jbcs.el7

• redhat•jbcs-httpd24-nghttp2

  < 0:1.39.2-25.jbcs.el6 | < 0:1.39.2-25.jbcs.el7

• redhat•jbcs-httpd24-nghttp2-debuginfo

  < 0:1.39.2-25.jbcs.el6 | < 0:1.39.2-25.jbcs.el7

• redhat•jbcs-httpd24-nghttp2-devel

  < 0:1.39.2-25.jbcs.el6 | < 0:1.39.2-25.jbcs.el7

• redhat•jbcs-httpd24-openssl-pkcs11

  < 0:0.4.10-7.jbcs.el7

• redhat•jbcs-httpd24-openssl-pkcs11-debuginfo

  < 0:0.4.10-7.jbcs.el7

References (44)

• https://access.redhat.com/errata/RHSA-2020:2644
• https://access.redhat.com/security/updates/classification/#important
• https://bugzilla.redhat.com/show_bug.cgi?id=1695030
• https://bugzilla.redhat.com/show_bug.cgi?id=1695042
• https://bugzilla.redhat.com/show_bug.cgi?id=1723723
• https://bugzilla.redhat.com/show_bug.cgi?id=1752592
• https://bugzilla.redhat.com/show_bug.cgi?id=1788856
• https://bugzilla.redhat.com/show_bug.cgi?id=1799734
• https://bugzilla.redhat.com/show_bug.cgi?id=1799786
• https://bugzilla.redhat.com/show_bug.cgi?id=1820772
• https://bugzilla.redhat.com/show_bug.cgi?id=1844929
• https://issues.redhat.com/browse/JBCS-941
• https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2644.json
• https://access.redhat.com/security/cve/CVE-2018-20843
• https://www.cve.org/CVERecord?id=CVE-2018-20843
• https://nvd.nist.gov/vuln/detail/CVE-2018-20843
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031
• https://access.redhat.com/security/cve/CVE-2019-0196
• https://www.cve.org/CVERecord?id=CVE-2019-0196
• https://nvd.nist.gov/vuln/detail/CVE-2019-0196
• http://www.apache.org/dist/httpd/CHANGES_2.4
• https://httpd.apache.org/security/vulnerabilities_24.html
• https://access.redhat.com/security/cve/CVE-2019-0197
• https://www.cve.org/CVERecord?id=CVE-2019-0197
• https://nvd.nist.gov/vuln/detail/CVE-2019-0197
• https://access.redhat.com/security/cve/CVE-2019-15903
• https://www.cve.org/CVERecord?id=CVE-2019-15903
• https://nvd.nist.gov/vuln/detail/CVE-2019-15903
• https://access.redhat.com/security/cve/CVE-2019-19956
• https://www.cve.org/CVERecord?id=CVE-2019-19956
• https://nvd.nist.gov/vuln/detail/CVE-2019-19956
• https://access.redhat.com/security/cve/CVE-2019-20388
• https://www.cve.org/CVERecord?id=CVE-2019-20388
• https://nvd.nist.gov/vuln/detail/CVE-2019-20388
• https://access.redhat.com/security/cve/CVE-2020-1934
• https://www.cve.org/CVERecord?id=CVE-2020-1934
• https://nvd.nist.gov/vuln/detail/CVE-2020-1934
• https://access.redhat.com/security/cve/CVE-2020-7595
• https://www.cve.org/CVERecord?id=CVE-2020-7595
• https://nvd.nist.gov/vuln/detail/CVE-2020-7595
• https://access.redhat.com/security/cve/CVE-2020-11080
• https://www.cve.org/CVERecord?id=CVE-2020-11080
• https://nvd.nist.gov/vuln/detail/CVE-2020-11080
• https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr