Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:7144
HistoryOct 26, 2022 - 8:04 p.m.

(RHSA-2022:7144) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update

2022-10-2620:04:31
access.redhat.com
22
red hat jboss core services
apache http server
security update
bug fixes
enhancements
zlib
expat
httpd
cve-2018-25032
cve-2022-25235
cve-2022-25236
cve-2022-25315
cve-2021-33193
cve-2021-36160
cve-2021-39275
cve-2021-41524
cve-2021-44224
cve-2021-45960
cve-2021-46143
cve-2022-22822
cve-2022-22823
cve-2022-22824
cve-2022-22825
cve-2022-22826
cve-2022-22827
cve-2022-23852
cve-2022-25313
cve-2022-25314
cve-2022-23990

0.307 Low

EPSS

Percentile

97.0%

JSON

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032)

  • expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)

  • expat: Namespace-separator characters in “xmlns[:prefix]” attribute values can lead to arbitrary code execution (CVE-2022-25236)

  • expat: Integer overflow in storeRawNames() (CVE-2022-25315)

  • httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)

  • httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)

  • httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)

  • httpd: NULL pointer dereference via crafted request during HTTP/2 request processing (CVE-2021-41524)

  • httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)

  • expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960)

  • expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)

  • expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)

  • expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)

  • expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)

  • expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)

  • expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)

  • expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)

  • expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852)

  • expat: stack exhaustion in doctype parsing (CVE-2022-25313)

  • expat: integer overflow in copyString() (CVE-2022-25314)

  • expat: integer overflow in the doProlog function (CVE-2022-23990)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

nessus 71
ibm 24
openvas 50
aix 1
redhat 5
ics 1
cloudlinux 1
osv 11
cloudfoundry 1
oraclelinux 3
gentoo 1
debian 4
ubuntu 1
almalinux 3
rocky 2
centos 1
mageia 2
slackware 2
suse 3
hp 1
altlinux 1
amazon 2
photon 3
redos 1
fedora 2
f5 2
nessus
nessus
EulerOS Virtualization 2.10.0 : expat (EulerOS-SA-2022-2022)
2022-07-15 00:00:00
EulerOS Virtualization 2.10.1 : expat (EulerOS-SA-2022-2050)
2022-07-14 00:00:00
CentOS 7 : expat (CESA-2022:1069)
2022-03-30 00:00:00
ibm
ibm
Security Bulletin: Expat vulnerabilities affect IBM Netezza Analytics
2022-06-03 14:32:29
Security Bulletin: Expat vulnerabilities affect IBM Netezza Analytics for NPS
2022-06-03 14:32:29
Security Bulletin: IBM Tivoli Monitoring is vulnerable to remote code execution and denial of service due to multiple Expat CVEs
2022-12-30 17:31:59
openvas
openvas
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2022-2022)
2022-07-14 00:00:00
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2022-2555)
2022-10-12 00:00:00
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2022-2050)
2022-07-14 00:00:00
aix
aix
AIX is affected by multiple vulnerabilities in Python
2022-07-28 13:12:18
redhat
redhat
(RHSA-2022:0951) Important: expat security update
2022-03-16 15:13:06
(RHSA-2022:1069) Important: expat security update
2022-03-28 08:42:24
(RHSA-2022:7692) Moderate: xmlrpc-c security update
2022-11-08 06:26:32
ics
ics
Hitachi Energy AFS65x, AFF66x, AFS67x, and AFR67x Series Products
2023-10-05 12:00:00
cloudlinux
cloudlinux
Fixed 13 CVEs in expat
2022-08-17 18:50:48
osv
osv
expat - security update
2022-02-12 00:00:00
Important: expat security update
2022-03-16 00:00:00
expat vulnerabilities
2022-02-21 14:48:40
cloudfoundry
cloudfoundry
USN-5288-1: Expat vulnerabilities | Cloud Foundry
2022-04-21 00:00:00
oraclelinux
oraclelinux
expat security update
2022-03-16 00:00:00
expat security update
2022-03-28 00:00:00
xmlrpc-c security update
2022-11-15 00:00:00
gentoo
gentoo
Expat: Multiple Vulnerabilities
2022-09-29 00:00:00
debian
debian
[SECURITY] [DSA 5073-1] expat security update
2022-02-12 13:32:08
[SECURITY] [DLA 2904-1] expat security update
2022-01-30 21:42:20
[SECURITY] [DSA 5085-1] expat security update
2022-02-22 20:17:14
ubuntu
ubuntu
Expat vulnerabilities
2022-02-21 00:00:00
almalinux
almalinux
Important: expat security update
2022-03-16 00:00:00
Moderate: xmlrpc-c security update
2022-11-08 00:00:00
Important: mingw-expat security update
2022-11-08 00:00:00
rocky
rocky
expat security update
2022-03-16 15:13:06
xmlrpc-c security update
2022-11-08 06:26:32
centos
centos
expat security update
2022-03-29 22:31:03
mageia
mageia
Updated expat packages fix security vulnerability
2022-01-25 15:13:11
Updated expat packages fix security vulnerability
2022-02-22 23:15:16
slackware
slackware
[slackware-security] expat
2022-01-16 21:48:11
[slackware-security] expat
2022-02-20 05:16:42
suse
suse
Security update for expat (important)
2022-01-25 00:00:00
Security update for expat (important)
2022-03-04 00:00:00
Security update for expat (important)
2022-07-06 00:00:00
hp
hp
Expat Library update for Teradici PCoIP Software and Firmware
2022-04-11 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package expat version 2.4.3-alt1
2022-01-31 00:00:00
amazon
amazon
Medium: expat
2022-06-30 23:38:00
Medium: expat
2022-07-06 03:09:00
photon
photon
Critical Photon OS Security Update - PHSA-2022-0462
2022-01-22 00:00:00
Critical Photon OS Security Update - PHSA-2022-0431
2022-01-23 00:00:00
Critical Photon OS Security Update - PHSA-2022-0353
2022-01-19 00:00:00
redos
redos
ROS-20220225-01
2022-02-25 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: mingw-expat-2.4.6-1.fc35
2022-03-01 18:20:49
[SECURITY] Fedora 34 Update: mingw-expat-2.4.6-1.fc34
2022-03-01 18:37:17
f5
f5
K19473898 : Expat vulnerabilities CVE-2022-23852, CVE-2022-25235, CVE-2022-25236, and CVE-2022-25315
2022-04-30 00:00:00
K91589041 : Expat vulnerabilities CVE-2021-45960, CVE-2022-22825, CVE-2022-22826, and CVE-2022-22827
2022-05-01 00:00:00

0.307 Low

EPSS

Percentile

97.0%

JSON
Related for RHSA-2022:7144
nessus71ibm24openvas50aix1redhat5ics1cloudlinux1osv11cloudfoundry1oraclelinux3gentoo1debian4ubuntu1almalinux3rocky2centos1mageia2slackware2suse3hp1altlinux1amazon2photon3redos1fedora2f52