(RHSA-2024:2387) Moderate: mod_jk and mod_proxy_cluster security update

2024-04-3006:15:33

access.redhat.com

mod_jk

mod_proxy_cluster

apache http server

security update

information disclosure

load-balancer

cvss score

red hat enterprise linux 9.4

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.002

Percentile

61.9%

JSON

The mod_jk module is a plugin for the Apache HTTP Server to connect it with the Apache Tomcat servlet engine.

The mod_proxy_cluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality.

Security Fix(es):

httpd: Apache Tomcat Connectors (mod_jk) Information Disclosure (CVE-2023-41081)
mod_cluster/mod_proxy_cluster: Stored Cross site Scripting (CVE-2023-6710)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHat9s390xmod_jk-debuginfo< 1.2.49-1.el9_4mod_jk-debuginfo-1.2.49-1.el9_4.s390x.rpm
RedHat9aarch64mod_jk-debuginfo< 1.2.49-1.el9_4mod_jk-debuginfo-1.2.49-1.el9_4.aarch64.rpm
RedHat9x86_64mod_jk-debuginfo< 1.2.49-1.el9_4mod_jk-debuginfo-1.2.49-1.el9_4.x86_64.rpm
RedHat9s390xmod_jk< 1.2.49-1.el9_4mod_jk-1.2.49-1.el9_4.s390x.rpm
RedHat9x86_64mod_proxy_cluster< 1.3.20-1.el9_4mod_proxy_cluster-1.3.20-1.el9_4.x86_64.rpm
RedHat9ppc64lemod_proxy_cluster-debugsource< 1.3.20-1.el9_4mod_proxy_cluster-debugsource-1.3.20-1.el9_4.ppc64le.rpm
RedHat9s390xmod_jk-debugsource< 1.2.49-1.el9_4mod_jk-debugsource-1.2.49-1.el9_4.s390x.rpm
RedHat9x86_64mod_jk< 1.2.49-1.el9_4mod_jk-1.2.49-1.el9_4.x86_64.rpm
RedHat9aarch64mod_proxy_cluster-debugsource< 1.3.20-1.el9_4mod_proxy_cluster-debugsource-1.3.20-1.el9_4.aarch64.rpm
RedHat9s390xmod_proxy_cluster< 1.3.20-1.el9_4mod_proxy_cluster-1.3.20-1.el9_4.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	9	s390x	mod_jk-debuginfo	< 1.2.49-1.el9_4	mod_jk-debuginfo-1.2.49-1.el9_4.s390x.rpm
RedHat	9	aarch64	mod_jk-debuginfo	< 1.2.49-1.el9_4	mod_jk-debuginfo-1.2.49-1.el9_4.aarch64.rpm
RedHat	9	x86_64	mod_jk-debuginfo	< 1.2.49-1.el9_4	mod_jk-debuginfo-1.2.49-1.el9_4.x86_64.rpm
RedHat	9	s390x	mod_jk	< 1.2.49-1.el9_4	mod_jk-1.2.49-1.el9_4.s390x.rpm
RedHat	9	x86_64	mod_proxy_cluster	< 1.3.20-1.el9_4	mod_proxy_cluster-1.3.20-1.el9_4.x86_64.rpm
RedHat	9	ppc64le	mod_proxy_cluster-debugsource	< 1.3.20-1.el9_4	mod_proxy_cluster-debugsource-1.3.20-1.el9_4.ppc64le.rpm
RedHat	9	s390x	mod_jk-debugsource	< 1.2.49-1.el9_4	mod_jk-debugsource-1.2.49-1.el9_4.s390x.rpm
RedHat	9	x86_64	mod_jk	< 1.2.49-1.el9_4	mod_jk-1.2.49-1.el9_4.x86_64.rpm
RedHat	9	aarch64	mod_proxy_cluster-debugsource	< 1.3.20-1.el9_4	mod_proxy_cluster-debugsource-1.3.20-1.el9_4.aarch64.rpm
RedHat	9	s390x	mod_proxy_cluster	< 1.3.20-1.el9_4	mod_proxy_cluster-1.3.20-1.el9_4.s390x.rpm