RHSA-2023:4629

Description

Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update

CVSS Metrics

• v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Systems

• redhat•jbcs-httpd24-apr

  < 0:1.7.0-8.el7jbcs | < 0:1.7.0-8.el8jbcs

• redhat•jbcs-httpd24-apr-debuginfo

  < 0:1.7.0-8.el7jbcs | < 0:1.7.0-8.el8jbcs

• redhat•jbcs-httpd24-apr-devel

  < 0:1.7.0-8.el7jbcs | < 0:1.7.0-8.el8jbcs

• redhat•jbcs-httpd24-curl

  < 0:8.2.1-1.el7jbcs | < 0:8.2.1-1.el8jbcs

• redhat•jbcs-httpd24-curl-debuginfo

  < 0:8.2.1-1.el7jbcs | < 0:8.2.1-1.el8jbcs

• redhat•jbcs-httpd24-httpd

  < 0:2.4.57-5.el7jbcs | < 0:2.4.57-5.el8jbcs

• redhat•jbcs-httpd24-httpd-debuginfo

  < 0:2.4.57-5.el7jbcs | < 0:2.4.57-5.el8jbcs

• redhat•jbcs-httpd24-httpd-devel

  < 0:2.4.57-5.el7jbcs | < 0:2.4.57-5.el8jbcs

• redhat•jbcs-httpd24-httpd-manual

  < 0:2.4.57-5.el7jbcs | < 0:2.4.57-5.el8jbcs

• redhat•jbcs-httpd24-httpd-selinux

  < 0:2.4.57-5.el7jbcs | < 0:2.4.57-5.el8jbcs

• redhat•jbcs-httpd24-httpd-tools

  < 0:2.4.57-5.el7jbcs | < 0:2.4.57-5.el8jbcs

• redhat•jbcs-httpd24-httpd-tools-debuginfo

  < 0:2.4.57-5.el8jbcs

• redhat•jbcs-httpd24-libcurl

  < 0:8.2.1-1.el7jbcs | < 0:8.2.1-1.el8jbcs

• redhat•jbcs-httpd24-libcurl-debuginfo

  < 0:8.2.1-1.el8jbcs

• redhat•jbcs-httpd24-libcurl-devel

  < 0:8.2.1-1.el7jbcs | < 0:8.2.1-1.el8jbcs

• redhat•jbcs-httpd24-mod_ldap

  < 0:2.4.57-5.el7jbcs | < 0:2.4.57-5.el8jbcs

• redhat•jbcs-httpd24-mod_ldap-debuginfo

  < 0:2.4.57-5.el8jbcs

• redhat•jbcs-httpd24-mod_proxy_html

  < 1:2.4.57-5.el7jbcs | < 1:2.4.57-5.el8jbcs

• redhat•jbcs-httpd24-mod_proxy_html-debuginfo

  < 1:2.4.57-5.el8jbcs

• redhat•jbcs-httpd24-mod_security

  < 0:2.9.3-29.el7jbcs | < 0:2.9.3-29.el8jbcs

• redhat•jbcs-httpd24-mod_security-debuginfo

  < 0:2.9.3-29.el7jbcs | < 0:2.9.3-29.el8jbcs

• redhat•jbcs-httpd24-mod_session

  < 0:2.4.57-5.el7jbcs | < 0:2.4.57-5.el8jbcs

• redhat•jbcs-httpd24-mod_session-debuginfo

  < 0:2.4.57-5.el8jbcs

• redhat•jbcs-httpd24-mod_ssl

  < 1:2.4.57-5.el7jbcs | < 1:2.4.57-5.el8jbcs

• redhat•jbcs-httpd24-mod_ssl-debuginfo

  < 1:2.4.57-5.el8jbcs

References (46)

• https://access.redhat.com/errata/RHSA-2023:4629
• https://access.redhat.com/security/updates/classification/#moderate
• https://bugzilla.redhat.com/show_bug.cgi?id=2161773
• https://bugzilla.redhat.com/show_bug.cgi?id=2161777
• https://bugzilla.redhat.com/show_bug.cgi?id=2163615
• https://bugzilla.redhat.com/show_bug.cgi?id=2163622
• https://bugzilla.redhat.com/show_bug.cgi?id=2169465
• https://bugzilla.redhat.com/show_bug.cgi?id=2176211
• https://bugzilla.redhat.com/show_bug.cgi?id=2196778
• https://bugzilla.redhat.com/show_bug.cgi?id=2196786
• https://bugzilla.redhat.com/show_bug.cgi?id=2196793
• https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4629.json
• https://access.redhat.com/security/cve/CVE-2022-24963
• https://www.cve.org/CVERecord?id=CVE-2022-24963
• https://nvd.nist.gov/vuln/detail/CVE-2022-24963
• https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9
• https://access.redhat.com/security/cve/CVE-2022-36760
• https://www.cve.org/CVERecord?id=CVE-2022-36760
• https://nvd.nist.gov/vuln/detail/CVE-2022-36760
• https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-36760
• https://access.redhat.com/security/cve/CVE-2022-37436
• https://www.cve.org/CVERecord?id=CVE-2022-37436
• https://nvd.nist.gov/vuln/detail/CVE-2022-37436
• https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-37436
• https://access.redhat.com/security/cve/CVE-2022-48279
• https://www.cve.org/CVERecord?id=CVE-2022-48279
• https://nvd.nist.gov/vuln/detail/CVE-2022-48279
• https://access.redhat.com/security/cve/CVE-2023-24021
• https://www.cve.org/CVERecord?id=CVE-2023-24021
• https://nvd.nist.gov/vuln/detail/CVE-2023-24021
• https://access.redhat.com/security/cve/CVE-2023-27522
• https://www.cve.org/CVERecord?id=CVE-2023-27522
• https://nvd.nist.gov/vuln/detail/CVE-2023-27522
• https://httpd.apache.org/security/vulnerabilities_24.html
• https://access.redhat.com/security/cve/CVE-2023-28319
• https://www.cve.org/CVERecord?id=CVE-2023-28319
• https://nvd.nist.gov/vuln/detail/CVE-2023-28319
• https://curl.se/docs/CVE-2023-28319.html
• https://access.redhat.com/security/cve/CVE-2023-28321
• https://www.cve.org/CVERecord?id=CVE-2023-28321
• https://nvd.nist.gov/vuln/detail/CVE-2023-28321
• https://curl.se/docs/CVE-2023-28321.html
• https://access.redhat.com/security/cve/CVE-2023-28322
• https://www.cve.org/CVERecord?id=CVE-2023-28322
• https://nvd.nist.gov/vuln/detail/CVE-2023-28322
• https://curl.se/docs/CVE-2023-28322.html