Debian Bug report logs -
#1032476
apache2: CVE-2023-25690 CVE-2023-27522
Package:
src:apache2;
Maintainer for src:apache2 is Debian Apache Maintainers <debian-apache@lists.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 7 Mar 2023 19:51:02 UTC
Severity: grave
Tags: security, upstream
F ...
Multiple vulnerabilities have been discovered in the Apache HTTP server,
which may result in HTTP response splitting or denial of service.
For the stable distribution (bullseye), these problems have been fixed in
version 2.4.56-1~deb11u1.
We recommend that you upgrade your apache2 packages.
For the detailed security status of apache2 please refer t ...
Synopsis
Moderate: httpd:2.4 security update
Type/Severity
Security Advisory: Moderate
Topic
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update ...
Synopsis
Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security h ...
Synopsis
Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat JBoss Core Services Apache HTTP Server 2.4.57 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis
Low: Logging Subsystem 5.8.1 - Red Hat OpenShift security update
Type/Severity
Security Advisory: Low
Topic
An update is now available for RHOL-5.8-RHEL-9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i ...
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-insert ...
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier (CVE-2006-20001).
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulne ...
Description: This CVE is under investigation by Red Hat Product Security ...