Threats Tagged 'cve-2024-38477'

Red Hat has issued a security advisory for the Apache HTTP Server (httpd) version 2.4, addressing multiple vulnerabilities in the mod_proxy and mod_rewrite modules. The issues include encoding problems, improper escaping of output, a NULL pointer dereference, and a potential server-side request forgery (SSRF). These vulnerabilities affect Red Hat Enterprise Linux 8 and its extended life cycle versions across multiple architectures. The advisory rates the update as important and provides patches to remediate these issues.

Red Hat has issued a security advisory for the Apache HTTP Server (httpd) packages addressing multiple vulnerabilities in mod_rewrite and mod_proxy modules. The issues include improper escaping of output, substitution encoding problems, null pointer dereference, potential server-side request forgery (SSRF), and encoding problems. These vulnerabilities affect Red Hat Enterprise Linux 9 and its Extended Update Support and Extended Life Cycle versions across multiple architectures. The advisory rates the update as important and provides updated packages to remediate these issues.

Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 5 includes multiple security fixes addressing vulnerabilities in mod_rewrite and mod_proxy modules. These issues include potential server-side request forgery (SSRF), null pointer dereference, improper escaping of output, encoding problems, substitution encoding issues, and security risks from malicious backend response headers. The update replaces the previous Service Pack 4 and aims to improve security and stability of the Apache HTTP Server component used in Red Hat JBoss middleware products.

Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 5 addresses multiple security vulnerabilities including potential SSRF, null pointer dereference, improper escaping, and encoding issues in mod_rewrite and mod_proxy modules. These vulnerabilities could lead to security issues via malicious backend application response headers. The update replaces Service Pack 4 and includes bug fixes and enhancements. No CVSS score is provided, but the severity is rated as high by Red Hat. Users are advised to back up their installations before applying the update.

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: Substitution encoding issue in mod_rewrite (CVE-2024-38474) * httpd: Improper escaping of output in mod_rewrite (CVE-2024-38475) * httpd: NULL pointer dereference in mod_proxy (CVE-2024-38477) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: Substitution encoding issue in mod_rewrite (CVE-2024-38474) * httpd: Improper escaping of output in mod_rewrite (CVE-2024-38475) * httpd: NULL pointer dereference in mod_proxy (CVE-2024-38477) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.