RHSA-2021:4614

Description

Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP10 security update

CVSS Metrics

• v3.1•HIGH•Score: 8.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Systems

• redhat•jbcs-httpd24-apr

  < 0:1.6.3-107.jbcs.el7 | < 0:1.6.3-107.el8jbcs

• redhat•jbcs-httpd24-apr-debuginfo

  < 0:1.6.3-107.jbcs.el7 | < 0:1.6.3-107.el8jbcs

• redhat•jbcs-httpd24-apr-devel

  < 0:1.6.3-107.jbcs.el7 | < 0:1.6.3-107.el8jbcs

• redhat•jbcs-httpd24-apr-util

  < 0:1.6.1-84.jbcs.el7 | < 0:1.6.1-84.el8jbcs

• redhat•jbcs-httpd24-apr-util-debuginfo

  < 0:1.6.1-84.jbcs.el7 | < 0:1.6.1-84.el8jbcs

• redhat•jbcs-httpd24-apr-util-devel

  < 0:1.6.1-84.jbcs.el7 | < 0:1.6.1-84.el8jbcs

• redhat•jbcs-httpd24-apr-util-ldap

  < 0:1.6.1-84.jbcs.el7 | < 0:1.6.1-84.el8jbcs

• redhat•jbcs-httpd24-apr-util-ldap-debuginfo

  < 0:1.6.1-84.el8jbcs

• redhat•jbcs-httpd24-apr-util-mysql

  < 0:1.6.1-84.jbcs.el7 | < 0:1.6.1-84.el8jbcs

• redhat•jbcs-httpd24-apr-util-mysql-debuginfo

  < 0:1.6.1-84.el8jbcs

• redhat•jbcs-httpd24-apr-util-nss

  < 0:1.6.1-84.jbcs.el7 | < 0:1.6.1-84.el8jbcs

• redhat•jbcs-httpd24-apr-util-nss-debuginfo

  < 0:1.6.1-84.el8jbcs

• redhat•jbcs-httpd24-apr-util-odbc

  < 0:1.6.1-84.jbcs.el7 | < 0:1.6.1-84.el8jbcs

• redhat•jbcs-httpd24-apr-util-odbc-debuginfo

  < 0:1.6.1-84.el8jbcs

• redhat•jbcs-httpd24-apr-util-openssl

  < 0:1.6.1-84.jbcs.el7 | < 0:1.6.1-84.el8jbcs

• redhat•jbcs-httpd24-apr-util-openssl-debuginfo

  < 0:1.6.1-84.el8jbcs

• redhat•jbcs-httpd24-apr-util-pgsql

  < 0:1.6.1-84.jbcs.el7 | < 0:1.6.1-84.el8jbcs

• redhat•jbcs-httpd24-apr-util-pgsql-debuginfo

  < 0:1.6.1-84.el8jbcs

• redhat•jbcs-httpd24-apr-util-sqlite

  < 0:1.6.1-84.jbcs.el7 | < 0:1.6.1-84.el8jbcs

• redhat•jbcs-httpd24-apr-util-sqlite-debuginfo

  < 0:1.6.1-84.el8jbcs

• redhat•jbcs-httpd24-curl

  < 0:7.78.0-2.jbcs.el7 | < 0:7.78.0-2.el8jbcs

• redhat•jbcs-httpd24-curl-debuginfo

  < 0:7.78.0-2.jbcs.el7 | < 0:7.78.0-2.el8jbcs

• redhat•jbcs-httpd24-httpd

  < 0:2.4.37-78.jbcs.el7 | < 0:2.4.37-78.el8jbcs

• redhat•jbcs-httpd24-httpd-debuginfo

  < 0:2.4.37-78.jbcs.el7 | < 0:2.4.37-78.el8jbcs

• redhat•jbcs-httpd24-httpd-devel

  < 0:2.4.37-78.jbcs.el7 | < 0:2.4.37-78.el8jbcs

• redhat•jbcs-httpd24-httpd-manual

  < 0:2.4.37-78.jbcs.el7 | < 0:2.4.37-78.el8jbcs

• redhat•jbcs-httpd24-httpd-selinux

  < 0:2.4.37-78.jbcs.el7 | < 0:2.4.37-78.el8jbcs

• redhat•jbcs-httpd24-httpd-tools

  < 0:2.4.37-78.jbcs.el7 | < 0:2.4.37-78.el8jbcs

• redhat•jbcs-httpd24-httpd-tools-debuginfo

  < 0:2.4.37-78.el8jbcs

• redhat•jbcs-httpd24-libcurl

  < 0:7.78.0-2.jbcs.el7 | < 0:7.78.0-2.el8jbcs

• redhat•jbcs-httpd24-libcurl-debuginfo

  < 0:7.78.0-2.el8jbcs

• redhat•jbcs-httpd24-libcurl-devel

  < 0:7.78.0-2.jbcs.el7 | < 0:7.78.0-2.el8jbcs

• redhat•jbcs-httpd24-mod_cluster-native

  < 0:1.3.16-9.Final_redhat_2.jbcs.el7 | < 0:1.3.16-9.Final_redhat_2.el8jbcs

• redhat•jbcs-httpd24-mod_cluster-native-debuginfo

  < 0:1.3.16-9.Final_redhat_2.jbcs.el7 | < 0:1.3.16-9.Final_redhat_2.el8jbcs

• redhat•jbcs-httpd24-mod_http2

  < 0:1.15.7-21.jbcs.el7 | < 0:1.15.7-21.el8jbcs

• redhat•jbcs-httpd24-mod_http2-debuginfo

  < 0:1.15.7-21.jbcs.el7 | < 0:1.15.7-21.el8jbcs

• redhat•jbcs-httpd24-mod_jk

  < 0:1.2.48-20.redhat_1.jbcs.el7 | < 0:1.2.48-20.redhat_1.el8jbcs

• redhat•jbcs-httpd24-mod_jk-ap24

  < 0:1.2.48-20.redhat_1.jbcs.el7 | < 0:1.2.48-20.redhat_1.el8jbcs

• redhat•jbcs-httpd24-mod_jk-ap24-debuginfo

  < 0:1.2.48-20.redhat_1.el8jbcs

• redhat•jbcs-httpd24-mod_jk-debuginfo

  < 0:1.2.48-20.redhat_1.jbcs.el7

• redhat•jbcs-httpd24-mod_jk-manual

  < 0:1.2.48-20.redhat_1.jbcs.el7 | < 0:1.2.48-20.redhat_1.el8jbcs

• redhat•jbcs-httpd24-mod_ldap

  < 0:2.4.37-78.jbcs.el7 | < 0:2.4.37-78.el8jbcs

• redhat•jbcs-httpd24-mod_ldap-debuginfo

  < 0:2.4.37-78.el8jbcs

• redhat•jbcs-httpd24-mod_md

  < 1:2.0.8-40.jbcs.el7 | < 1:2.0.8-40.el8jbcs

• redhat•jbcs-httpd24-mod_md-debuginfo

  < 1:2.0.8-40.jbcs.el7 | < 1:2.0.8-40.el8jbcs

• redhat•jbcs-httpd24-mod_proxy_html

  < 1:2.4.37-78.jbcs.el7 | < 1:2.4.37-78.el8jbcs

• redhat•jbcs-httpd24-mod_proxy_html-debuginfo

  < 1:2.4.37-78.el8jbcs

• redhat•jbcs-httpd24-mod_security

  < 0:2.9.2-67.GA.jbcs.el7 | < 0:2.9.2-67.GA.el8jbcs

• redhat•jbcs-httpd24-mod_security-debuginfo

  < 0:2.9.2-67.GA.jbcs.el7 | < 0:2.9.2-67.GA.el8jbcs

• redhat•jbcs-httpd24-mod_session

  < 0:2.4.37-78.jbcs.el7 | < 0:2.4.37-78.el8jbcs

Showing first 50 affected entries in server-rendered view.

References (58)

• https://access.redhat.com/errata/RHSA-2021:4614
• https://access.redhat.com/security/updates/classification/#moderate
• https://bugzilla.redhat.com/show_bug.cgi?id=1848436
• https://bugzilla.redhat.com/show_bug.cgi?id=1848444
• https://bugzilla.redhat.com/show_bug.cgi?id=1930310
• https://bugzilla.redhat.com/show_bug.cgi?id=1930324
• https://bugzilla.redhat.com/show_bug.cgi?id=1966724
• https://bugzilla.redhat.com/show_bug.cgi?id=1966729
• https://bugzilla.redhat.com/show_bug.cgi?id=1966732
• https://bugzilla.redhat.com/show_bug.cgi?id=1966738
• https://bugzilla.redhat.com/show_bug.cgi?id=1966740
• https://bugzilla.redhat.com/show_bug.cgi?id=1966743
• https://bugzilla.redhat.com/show_bug.cgi?id=1995634
• https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4614.json
• https://access.redhat.com/security/cve/CVE-2019-17567
• https://www.cve.org/CVERecord?id=CVE-2019-17567
• https://nvd.nist.gov/vuln/detail/CVE-2019-17567
• https://httpd.apache.org/security/vulnerabilities_24.html
• https://access.redhat.com/security/cve/CVE-2019-20838
• https://www.cve.org/CVERecord?id=CVE-2019-20838
• https://nvd.nist.gov/vuln/detail/CVE-2019-20838
• https://access.redhat.com/security/cve/CVE-2020-13950
• https://www.cve.org/CVERecord?id=CVE-2020-13950
• https://nvd.nist.gov/vuln/detail/CVE-2020-13950
• https://access.redhat.com/security/cve/CVE-2020-14155
• https://www.cve.org/CVERecord?id=CVE-2020-14155
• https://nvd.nist.gov/vuln/detail/CVE-2020-14155
• https://access.redhat.com/security/cve/CVE-2020-35452
• https://www.cve.org/CVERecord?id=CVE-2020-35452
• https://nvd.nist.gov/vuln/detail/CVE-2020-35452
• https://access.redhat.com/security/cve/CVE-2021-3688
• https://bugzilla.redhat.com/show_bug.cgi?id=1990252
• https://www.cve.org/CVERecord?id=CVE-2021-3688
• https://nvd.nist.gov/vuln/detail/CVE-2021-3688
• https://access.redhat.com/security/cve/CVE-2021-3712
• https://www.cve.org/CVERecord?id=CVE-2021-3712
• https://nvd.nist.gov/vuln/detail/CVE-2021-3712
• https://www.openssl.org/news/secadv/20210824.txt
• https://access.redhat.com/security/cve/CVE-2021-23840
• https://www.cve.org/CVERecord?id=CVE-2021-23840
• https://nvd.nist.gov/vuln/detail/CVE-2021-23840
• https://www.openssl.org/news/secadv/20210216.txt
• https://access.redhat.com/security/cve/CVE-2021-23841
• https://www.cve.org/CVERecord?id=CVE-2021-23841
• https://nvd.nist.gov/vuln/detail/CVE-2021-23841
• https://access.redhat.com/security/cve/CVE-2021-26690
• https://www.cve.org/CVERecord?id=CVE-2021-26690
• https://nvd.nist.gov/vuln/detail/CVE-2021-26690
• https://access.redhat.com/security/cve/CVE-2021-26691
• https://www.cve.org/CVERecord?id=CVE-2021-26691
• https://nvd.nist.gov/vuln/detail/CVE-2021-26691
• https://access.redhat.com/security/cve/CVE-2021-30641
• https://www.cve.org/CVERecord?id=CVE-2021-30641
• https://nvd.nist.gov/vuln/detail/CVE-2021-30641
• https://access.redhat.com/security/cve/CVE-2021-34798
• https://bugzilla.redhat.com/show_bug.cgi?id=2005128
• https://www.cve.org/CVERecord?id=CVE-2021-34798
• https://nvd.nist.gov/vuln/detail/CVE-2021-34798