Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 security update
Red Hat JBoss Core Services Apache HTTP Server 2. 4. 62 includes security updates addressing three vulnerabilities: HTTP Response Splitting in multiple modules (CVE-2024-24795), a denial of service via null pointer dereference in mod_http2 websocket over HTTP/2 (CVE-2024-36387), and an OpenSSL buffer overread in SSL_select_next_proto (CVE-2024-5535). These issues have been rated with a low security impact by Red Hat Product Security. The update replaces the previous version 2. 4. 57 Service Pack 6 and includes bug fixes and enhancements. No known exploits are reported in the wild. Red Hat provides an official security advisory and update packages for affected products including Red Hat JBoss Core Services on RHEL 7 and 8. The advisory recommends applying this update after ensuring all previous errata are applied.
AI Analysis
Technical Summary
This security advisory covers Red Hat JBoss Core Services Apache HTTP Server 2.4.62, which addresses three vulnerabilities: CVE-2024-24795 (HTTP Response Splitting in multiple modules), CVE-2024-36387 (denial of service caused by null pointer dereference in mod_http2 websocket over HTTP/2), and CVE-2024-5535 (OpenSSL SSL_select_next_proto buffer overread). The update replaces version 2.4.57 Service Pack 6 and is intended to provide a consistent and faster update experience across JBoss middleware products. Red Hat rates the security impact as low and no exploits in the wild are known. The advisory includes detailed release notes and references for further information.
Potential Impact
The vulnerabilities fixed in this update have a low security impact according to Red Hat Product Security. They include potential HTTP response splitting, denial of service via null pointer dereference, and a buffer overread in OpenSSL. No known active exploitation has been reported. The issues could potentially affect the stability and security of the Apache HTTP Server component within Red Hat JBoss Core Services but are not considered critical or high severity.
Mitigation Recommendations
An official security update to Red Hat JBoss Core Services Apache HTTP Server 2.4.62 is available and should be applied to affected systems. Red Hat advises ensuring all previously released errata are applied before updating. No additional mitigation actions are indicated beyond applying this update. The vendor advisory provides detailed instructions for applying the update.
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 security update
Description
Red Hat JBoss Core Services Apache HTTP Server 2. 4. 62 includes security updates addressing three vulnerabilities: HTTP Response Splitting in multiple modules (CVE-2024-24795), a denial of service via null pointer dereference in mod_http2 websocket over HTTP/2 (CVE-2024-36387), and an OpenSSL buffer overread in SSL_select_next_proto (CVE-2024-5535). These issues have been rated with a low security impact by Red Hat Product Security. The update replaces the previous version 2. 4. 57 Service Pack 6 and includes bug fixes and enhancements. No known exploits are reported in the wild. Red Hat provides an official security advisory and update packages for affected products including Red Hat JBoss Core Services on RHEL 7 and 8. The advisory recommends applying this update after ensuring all previous errata are applied.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This security advisory covers Red Hat JBoss Core Services Apache HTTP Server 2.4.62, which addresses three vulnerabilities: CVE-2024-24795 (HTTP Response Splitting in multiple modules), CVE-2024-36387 (denial of service caused by null pointer dereference in mod_http2 websocket over HTTP/2), and CVE-2024-5535 (OpenSSL SSL_select_next_proto buffer overread). The update replaces version 2.4.57 Service Pack 6 and is intended to provide a consistent and faster update experience across JBoss middleware products. Red Hat rates the security impact as low and no exploits in the wild are known. The advisory includes detailed release notes and references for further information.
Potential Impact
The vulnerabilities fixed in this update have a low security impact according to Red Hat Product Security. They include potential HTTP response splitting, denial of service via null pointer dereference, and a buffer overread in OpenSSL. No known active exploitation has been reported. The issues could potentially affect the stability and security of the Apache HTTP Server component within Red Hat JBoss Core Services but are not considered critical or high severity.
Mitigation Recommendations
An official security update to Red Hat JBoss Core Services Apache HTTP Server 2.4.62 is available and should be applied to affected systems. Red Hat advises ensuring all previously released errata are applied before updating. No additional mitigation actions are indicated beyond applying this update. The vendor advisory provides detailed instructions for applying the update.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:3452
- Cve Count
- 3
- Additional Cves
- ["CVE-2024-24795","CVE-2024-36387"]
- Cvss Version
- null
Threat ID: 6a1f4e9ce29bf47b50086944
Added to database: 6/2/2026, 9:43:56 PM
Last enriched: 6/2/2026, 10:23:38 PM
Last updated: 6/3/2026, 5:06:34 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.