Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2019:4126
HistoryDec 10, 2019 - 6:29 a.m.

(RHSA-2019:4126) Moderate: httpd24-httpd security, bug fix, and enhancement update

2019-12-1006:29:23
access.redhat.com
93

0.831 High

EPSS

Percentile

98.4%

JSON

The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module.

Security Fix(es):

  • httpd: mod_session_cookie does not respect expiry time (CVE-2018-17199)

  • httpd: mod_auth_digest: access control bypass due to race condition (CVE-2019-0217)

  • httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)

  • httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)

  • httpd: URL normalization inconsistency (CVE-2019-0220)

  • httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • ExtendedStatus Off directive when using mod_systemd causes systemctl to hang (BZ#1669213)

  • httpd can not be started with mod_md enabled (BZ#1673019)

  • Rebuild metapackage with latest scl-utils (BZ#1696527)

  • fix a regression introduced in r1740928 (BZ#1707636)

  • duplicated cookie in Apache httpd with mod_session (BZ#1725922)

  • Unexpected OCSP in proxy SSL connection (BZ#1744120)

Enhancement(s):

  • RFE: updated collection for httpd 2.4 (BZ#1726706)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Software Collections 3.4 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHat6x86_64httpd24-nghttp2-debuginfo< 1.7.1-8.el6httpd24-nghttp2-debuginfo-1.7.1-8.el6.x86_64.rpm
RedHat7ppc64lehttpd24-httpd-tools< 2.4.34-15.el7httpd24-httpd-tools-2.4.34-15.el7.ppc64le.rpm
RedHat7aarch64httpd24-httpd-tools< 2.4.34-15.el7httpd24-httpd-tools-2.4.34-15.el7.aarch64.rpm
RedHat7s390xhttpd24-nghttp2-debuginfo< 1.7.1-8.el7httpd24-nghttp2-debuginfo-1.7.1-8.el7.s390x.rpm
RedHat7x86_64httpd24-mod_md< 2.4.34-15.el7httpd24-mod_md-2.4.34-15.el7.x86_64.rpm
RedHat7s390xhttpd24< 1.1-19.el7httpd24-1.1-19.el7.s390x.rpm
RedHat7aarch64httpd24-nghttp2-debuginfo< 1.7.1-8.el7httpd24-nghttp2-debuginfo-1.7.1-8.el7.aarch64.rpm
RedHat7x86_64httpd24-libnghttp2< 1.7.1-8.el7httpd24-libnghttp2-1.7.1-8.el7.x86_64.rpm
RedHat7ppc64lehttpd24-mod_proxy_html< 2.4.34-15.el7httpd24-mod_proxy_html-2.4.34-15.el7.ppc64le.rpm
RedHat7x86_64httpd24-httpd-devel< 2.4.34-15.el7httpd24-httpd-devel-2.4.34-15.el7.x86_64.rpm
Rows per page:
1-10 of 821

Related

nessus 48
openvas 39
debian 3
ubuntu 1
mageia 1
ibm 9
oraclelinux 2
redhat 4
centos 1
altlinux 6
slackware 1
archlinux 1
fedora 7
amazon 3
kaspersky 1
freebsd 1
photon 6
symantec 1
gentoo 1
prion 5
redhatcve 5
cvelist 5
osv 8
f5 4
alpinelinux 5
ubuntucve 5
cve 5
httpd 5
debiancve 5
hackerone 1
veracode 3
checkpoint_advisories 1
githubexploit 1
zdt 1
almalinux 1
nuclei 1
rocky 1
broadcom 1
nessus
nessus
RHEL 6 / 7 : httpd24-httpd (RHSA-2019:4126)
2024-04-28 00:00:00
openSUSE Security Update : apache2 (openSUSE-2019-296)
2019-03-07 00:00:00
Debian DSA-4422-1 : apache2 - security update
2019-04-04 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:0889-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:0888-1)
2021-04-19 00:00:00
Debian: Security Advisory (DSA-4422-1)
2019-04-06 00:00:00
debian
debian
[SECURITY] [DSA 4422-1] apache2 security update
2019-04-03 09:10:59
[SECURITY] [DSA 4509-3] apache2 security update
2019-10-15 21:12:52
[SECURITY] [DSA 4509-3] apache2 security update
2019-10-15 21:12:52
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2019-04-04 00:00:00
mageia
mageia
Updated apache packages fix security vulnerability
2019-03-15 00:39:55
ibm
ibm
Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities
2019-09-05 04:18:04
Security Bulletin: Vulnerabilities CVE-2018-17199, CVE-2018-17189, and CVE-2019-0190 in the IBM i HTTP Server affect IBM i.
2019-02-20 22:00:02
Security Bulletin: Rational Build Forge Security Advisory for Apache HTTP Server (CVE-2019-0190; CVE-2018-17189; CVE-2018-17199)
2019-03-28 07:00:01
oraclelinux
oraclelinux
httpd:2.4 security and bug fix update
2019-11-14 00:00:00
httpd security and bug fix update
2019-08-13 00:00:00
redhat
redhat
(RHSA-2019:3436) Moderate: httpd:2.4 security and bug fix update
2019-11-05 17:46:04
(RHSA-2019:2343) Moderate: httpd security and bug fix update
2019-08-06 08:27:25
(RHSA-2020:0251) Low: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP1 Security Update
2020-01-27 21:17:57
centos
centos
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
2019-09-18 20:21:26
altlinux
altlinux
Security fix for the ALT Linux 8 package apache2 version 1:2.4.38-alt1
2019-01-28 00:00:00
Security fix for the ALT Linux 9 package apache2 version 1:2.4.38-alt1
2019-01-25 00:00:00
Security fix for the ALT Linux 10 package apache2 version 1:2.4.38-alt1
2019-01-25 00:00:00
slackware
slackware
[slackware-security] httpd
2019-01-23 04:41:31
archlinux
archlinux
[ASA-201901-14] apache: multiple issues
2019-01-24 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: httpd-2.4.41-1.fc29
2019-09-30 01:39:18
[SECURITY] Fedora 30 Update: mod_md-2.0.8-2.fc30
2019-08-23 01:27:58
[SECURITY] Fedora 29 Update: mod_md-2.0.8-3.fc29
2019-09-30 01:39:18
amazon
amazon
Medium: httpd
2019-10-28 17:42:00
Important: httpd24
2019-03-06 22:21:00
Low: mod_http2
2019-04-25 16:39:00
kaspersky
kaspersky
KLA12364 Multiple vulnerabilities in Apache HTTP Server
2019-02-28 00:00:00
freebsd
freebsd
Apache -- vulnerability
2019-01-22 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0230
2019-04-30 00:00:00
Important Photon OS Security Update - PHSA-2019-0230
2019-04-30 00:00:00
Important Photon OS Security Update - PHSA-2019-0013
2019-04-30 00:00:00
symantec
symantec
Apache HTTP Server Vulnerabilities Jan 2019 - Apr 2020
2020-06-12 20:41:37
gentoo
gentoo
Apache: Multiple vulnerabilities
2019-03-28 00:00:00
prion
prion
Session fixation
2019-01-30 22:29:00
Design/Logic Flaw
2019-01-30 22:29:00
Null pointer dereference
2019-09-26 16:15:00
redhatcve
redhatcve
CVE-2018-17199
2019-01-22 21:50:18
CVE-2019-10097
2020-04-01 20:22:36
CVE-2018-17189
2019-01-22 21:50:53
cvelist
cvelist
CVE-2018-17199
2019-01-22 00:00:00
CVE-2018-17189
2019-01-22 00:00:00
CVE-2019-10097
2019-09-26 14:21:24
osv
osv
CVE-2018-17189
2019-01-30 22:29:00
CVE-2019-10097
2019-09-26 16:15:10
CVE-2018-17199
2019-01-30 22:29:00
f5
f5
K86612211 : Apache vulnerability CVE-2018-17189
2019-02-04 00:00:00
K54207009 : Apache mod_remoteip vulnerability CVE-2019-10097
2019-09-09 00:00:00
K54296221 : Apache httpd vulnerability CVE-2018-17199
2019-02-05 00:00:00
alpinelinux
alpinelinux
CVE-2018-17189
2019-01-30 22:29:00
CVE-2019-10097
2019-09-26 16:15:10
CVE-2018-17199
2019-01-30 22:29:00
ubuntucve
ubuntucve
CVE-2019-10097
2019-08-14 00:00:00
CVE-2018-17189
2019-01-30 00:00:00
CVE-2018-17199
2019-01-30 00:00:00
cve
cve
CVE-2018-17189
2019-01-30 22:29:00
CVE-2019-10097
2019-09-26 16:15:10
CVE-2018-17199
2019-01-30 22:29:00
httpd
httpd
Apache Httpd < 2.4.38 : mod_session_cookie does not respect expiry time
2018-10-08 00:00:00
Apache Httpd < 2.4.41 : CVE-2019-10097 mod_remoteip: Stack buffer overflow and NULL pointer dereference
2019-07-23 00:00:00
Apache Httpd < 2.4.38 : DoS for HTTP/2 connections via slow request bodies
2018-10-16 00:00:00
debiancve
debiancve
CVE-2018-17199
2019-01-30 22:29:00
CVE-2019-10097
2019-09-26 16:15:10
CVE-2018-17189
2019-01-30 22:29:00
hackerone
hackerone
Internet Bug Bounty: mod_remoteip stack buffer overflow and NULL pointer dereference
2019-08-15 14:42:13
veracode
veracode
Denial Of Service (DoS)
2019-11-21 00:17:08
Improper Session Management
2019-11-21 00:17:08
Authorization Bypass
2019-08-08 00:07:37
checkpoint_advisories
checkpoint_advisories
Apache httpd Server Buffer Overflow (CVE-2019-10097)
2020-03-05 00:00:00
githubexploit
githubexploit
Exploit for Cross-site Scripting in Apache Http Server
2019-12-18 14:15:13
zdt
zdt
Apache Httpd mod_proxy - Error Page Cross-Site Scripting Vulnerability
2019-11-19 00:00:00
almalinux
almalinux
Moderate: httpd:2.4 security, bug fix, and enhancement update
2020-11-03 12:33:02
nuclei
nuclei
Apache HTTP Server <=2.4.39 - HTML Injection/Partial Cross-Site Scripting
2021-01-09 14:45:11
rocky
rocky
httpd:2.4 security, bug fix, and enhancement update
2020-11-03 12:33:02
broadcom
broadcom
Apache httpd URL normalization inconsistency
2023-08-01 00:00:00

0.831 High

EPSS

Percentile

98.4%

JSON
Related for RHSA-2019:4126
nessus48openvas39debian3ubuntu1mageia1ibm9oraclelinux2redhat4centos1altlinux6slackware1archlinux1fedora7amazon3kaspersky1freebsd1photon6symantec1gentoo1prion5redhatcve5cvelist5osv8f54alpinelinux5ubuntucve5cve5httpd5debiancve5hackerone1veracode3checkpoint_advisories1githubexploit1zdt1almalinux1nuclei1rocky1broadcom1