Threats Tagged 'cve-2024-38473'

Red Hat has issued a security advisory for the Apache HTTP Server (httpd) version 2.4, addressing multiple vulnerabilities in the mod_proxy and mod_rewrite modules. The issues include encoding problems, improper escaping of output, a NULL pointer dereference, and a potential server-side request forgery (SSRF). These vulnerabilities affect Red Hat Enterprise Linux 8 and its extended life cycle versions across multiple architectures. The advisory rates the update as important and provides patches to remediate these issues.

Red Hat has issued a security advisory for the Apache HTTP Server (httpd) packages addressing multiple vulnerabilities in mod_rewrite and mod_proxy modules. The issues include improper escaping of output, substitution encoding problems, null pointer dereference, potential server-side request forgery (SSRF), and encoding problems. These vulnerabilities affect Red Hat Enterprise Linux 9 and its Extended Update Support and Extended Life Cycle versions across multiple architectures. The advisory rates the update as important and provides updated packages to remediate these issues.

Red Hat has issued a security advisory for the Apache HTTP Server (httpd) packages addressing two vulnerabilities: an encoding problem in mod_proxy (CVE-2024-38473) and a potential server-side request forgery (SSRF) in mod_rewrite (CVE-2024-39573). These issues affect Red Hat Enterprise Linux 9.2 Extended Update Support and related variants. The update is rated as having a moderate security impact. Red Hat has released updated packages to fix these vulnerabilities.

Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 5 includes multiple security fixes addressing vulnerabilities in mod_rewrite and mod_proxy modules. These issues include potential server-side request forgery (SSRF), null pointer dereference, improper escaping of output, encoding problems, substitution encoding issues, and security risks from malicious backend response headers. The update replaces the previous Service Pack 4 and aims to improve security and stability of the Apache HTTP Server component used in Red Hat JBoss middleware products.

Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 5 addresses multiple security vulnerabilities including potential SSRF, null pointer dereference, improper escaping, and encoding issues in mod_rewrite and mod_proxy modules. These vulnerabilities could lead to security issues via malicious backend application response headers. The update replaces Service Pack 4 and includes bug fixes and enhancements. No CVSS score is provided, but the severity is rated as high by Red Hat. Users are advised to back up their installations before applying the update.