Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:8841
HistoryDec 08, 2022 - 1:15 p.m.

(RHSA-2022:8841) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

2022-12-0813:15:43
access.redhat.com
32
red hat jboss core services
apache http server
security update
cve-2022-23943
cve-2022-40674
cve-2022-1292
cve-2022-2068
cve-2022-22721
cve-2022-26377
cve-2022-29824
cve-2022-30522
cve-2022-31813
cve-2022-32206
cve-2022-32207
cve-2022-32208
cve-2022-32221
cve-2022-37434
cve-2022-40303
cve-2022-40304
cve-2022-42915
cve-2022-42916
cve-2022-27781
cve-2022-28330
cve-2022-28614
cve-2022-28615
cve-2022-35252

0.348 Low

EPSS

Percentile

97.1%

JSON

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)

  • expat: a use-after-free in the doContent function in xmlparse.c (CVE-2022-40674)

  • openssl: c_rehash script allows command injection (CVE-2022-1292)

  • openssl: the c_rehash script allows command injection (CVE-2022-2068)

  • httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)

  • httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)

  • libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write (CVE-2022-29824)

  • httpd: mod_sed: DoS vulnerability (CVE-2022-30522)

  • httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)

  • curl: HTTP compression denial of service (CVE-2022-32206)

  • curl: Unpreserved file permissions (CVE-2022-32207)

  • curl: FTP-KRB bad message verification (CVE-2022-32208)

  • curl: POST following PUT confusion (CVE-2022-32221)

  • zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field (CVE-2022-37434)

  • libxml2: integer overflows with XML_PARSE_HUGE (CVE-2022-40303)

  • libxml2: dict corruption caused by entity reference cycles (CVE-2022-40304)

  • curl: HTTP proxy double-free (CVE-2022-42915)

  • curl: HSTS bypass via IDN (CVE-2022-42916)

  • curl: CERTINFO never-ending busy-loop (CVE-2022-27781)

  • httpd: mod_isapi: out-of-bounds read (CVE-2022-28330)

  • httpd: Out-of-bounds read via ap_rwrite() (CVE-2022-28614)

  • httpd: Out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)

  • curl: control code in cookie denial of service (CVE-2022-35252)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

nessus 69
redhat 4
openvas 50
photon 5
slackware 3
amazon 4
osv 11
oraclelinux 3
almalinux 3
ibm 14
freebsd 3
kaspersky 1
rocky 3
altlinux 3
redos 2
suse 3
ubuntu 5
fedora 7
cloudlinux 1
mageia 1
cloudfoundry 2
ics 2
nessus
nessus
RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 (RHSA-2022:8840)
2022-12-08 00:00:00
EulerOS 2.0 SP9 : httpd (EulerOS-SA-2022-2320)
2022-09-14 00:00:00
Amazon Linux 2022 : (ALAS2022-2022-110)
2022-09-07 00:00:00
redhat
redhat
(RHSA-2022:8840) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update
2022-12-08 12:59:13
(RHSA-2022:8067) Moderate: httpd security, bug fix, and enhancement update
2022-11-15 06:14:59
(RHSA-2022:7647) Moderate: httpd:2.4 security update
2022-11-08 06:25:28
openvas
openvas
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-1005)
2023-01-09 00:00:00
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2347)
2022-09-26 00:00:00
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2383)
2022-09-26 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2022-0202
2022-06-22 00:00:00
Critical Photon OS Security Update - PHSA-2022-0489
2022-06-22 00:00:00
Critical Photon OS Security Update - PHSA-2022-4.0-0202
2022-06-22 00:00:00
slackware
slackware
[slackware-security] httpd
2022-06-08 19:24:07
[slackware-security] curl
2022-10-27 02:30:21
[slackware-security] curl
2022-06-28 19:27:52
amazon
amazon
Medium: httpd
2022-07-06 03:12:00
Medium: httpd24
2022-06-30 23:38:00
Medium: curl
2022-10-31 19:40:00
osv
osv
Moderate: httpd security, bug fix, and enhancement update
2022-11-15 00:00:00
Moderate: httpd:2.4 security update
2022-11-08 00:00:00
Moderate: httpd security, bug fix, and enhancement update
2022-11-15 06:14:59
oraclelinux
oraclelinux
httpd:2.4 security update
2022-11-15 00:00:00
httpd security, bug fix, and enhancement update
2022-11-22 00:00:00
curl security update
2022-08-25 00:00:00
almalinux
almalinux
Moderate: httpd:2.4 security update
2022-11-08 00:00:00
Moderate: httpd security, bug fix, and enhancement update
2022-11-15 00:00:00
Moderate: curl security update
2022-08-24 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in libcURL affect IBM Rational ClearCase ( CVE-2022-42915, CVE-2022-42916, CVE-2022-32221, CVE-2022-35252, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207 )
2023-01-31 14:06:26
Security Bulletin: IBM QRadar Wincollect agent is vulnerable to using components with know vulnerabilities
2022-12-05 19:19:10
Security Bulletin: The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by multiple vulnerabilities in libcurl (CVE-2022-42915, CVE-2022-42916, CVE-2022-32221)
2022-11-17 08:48:52
freebsd
freebsd
Apache httpd -- Multiple vulnerabilities
2022-06-08 00:00:00
cURL -- Multiple vulnerabilities
2022-06-27 00:00:00
curl -- multiple vulnerabilities
2022-10-26 00:00:00
kaspersky
kaspersky
KLA12554 Multiple vulnerabilities in Apache HTTP Server
2022-06-08 00:00:00
rocky
rocky
httpd security, bug fix, and enhancement update
2022-11-15 06:14:59
httpd:2.4 security update
2022-11-08 06:25:28
curl security update
2022-08-24 14:56:48
altlinux
altlinux
Security fix for the ALT Linux 9 package apache2 version 1:2.4.54-alt1
2022-06-19 00:00:00
Security fix for the ALT Linux 10 package apache2 version 1:2.4.54-alt1
2022-06-21 00:00:00
Security fix for the ALT Linux 10 package libxml2 version 1:2.9.12-alt1.p10.1
2023-02-02 00:00:00
redos
redos
ROS-20220628-01
2022-06-28 00:00:00
ROS-20221108-01
2022-11-08 00:00:00
suse
suse
Security update for apache2 (important)
2022-07-06 00:00:00
Security update for apache2 (important)
2022-07-08 00:00:00
Security update for curl (important)
2022-07-06 00:00:00
ubuntu
ubuntu
Apache HTTP Server regression
2022-06-23 00:00:00
Apache HTTP Server regression
2022-06-23 00:00:00
Apache HTTP Server vulnerabilities
2022-06-21 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: httpd-2.4.54-1.fc35
2022-07-06 01:54:10
[SECURITY] Fedora 36 Update: httpd-2.4.54-3.fc36
2022-07-01 01:09:46
[SECURITY] Fedora 36 Update: curl-7.82.0-9.fc36
2022-10-30 21:00:40
cloudlinux
cloudlinux
Fixed CVEs in httpd: CVE-2022-31813, CVE-2022-28615, CVE-2022-26377
2022-06-28 20:14:01
mageia
mageia
Updated curl packages fix security vulnerability
2022-07-05 22:11:26
cloudfoundry
cloudfoundry
USN-5702-1: curl vulnerabilities | Cloud Foundry
2023-05-18 00:00:00
USN-5495-1: curl vulnerabilities | Cloud Foundry
2022-12-07 00:00:00
ics
ics
Siemens SINEC NMS Third-Party
2023-05-11 12:00:00
Mitsubishi Electric MELSOFT iQ AppPortal
2023-02-21 12:00:00

0.348 Low

EPSS

Percentile

97.1%

JSON
Related for RHSA-2022:8841
nessus69redhat4openvas50photon5slackware3amazon4osv11oraclelinux3almalinux3ibm14freebsd3kaspersky1rocky3altlinux3redos2suse3ubuntu5fedora7cloudlinux1mageia1cloudfoundry2ics2