httpd24-httpd-2.4.34-22.el7.1
エラータID: AXSA:2021-2460:01
Release date:
Monday, October 11, 2021 - 09:49
Subject:
httpd24-httpd-2.4.34-22.el7.1
Affected Channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
* httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" (CVE-2021-40438)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2021-40438
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
Solution:
Update packages.
CVEs:
CVE-2021-40438
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
Additional Info:
N/A
Download:
SRPMS
- httpd24-httpd-2.4.34-22.el7.1.src.rpm
MD5: 4217c46197574187e890698580478080
SHA-256: f390051556215400587ed77ffc2ed3af0e93f9d05856d96ce0a10feb1838ac7d
Size: 6.75 MB
Asianux Server 7 for x86_64
- httpd24-httpd-2.4.34-22.el7.1.x86_64.rpm
MD5: bff837c75533d28b37fdc353c06ede82
SHA-256: 3d4bcc4a01449c3e353d73863637852353bde3385e9c6bae96dc5fb50a845867
Size: 1.38 MB - httpd24-httpd-devel-2.4.34-22.el7.1.x86_64.rpm
MD5: 240a4b6695f4306ed3aa61181c980dfd
SHA-256: b7acd6519d0743626ea0fb9ca7db7eb33f150c1ee2bfb600fadcaed464d5bcad
Size: 208.86 kB - httpd24-httpd-manual-2.4.34-22.el7.1.noarch.rpm
MD5: 72f4fd6a780c3d41b9ff6adb730755c3
SHA-256: 14af833d841cf5ec244961e64f3b7461118b5a9c5f961c4fcf03bde033355678
Size: 2.36 MB - httpd24-httpd-tools-2.4.34-22.el7.1.x86_64.rpm
MD5: 83e0c6660d2c407b6dca94f36cc43589
SHA-256: 0cdbf2d5a0d493addf76ab633482e527aa24304ece57a6d60a736159167809b2
Size: 90.60 kB - httpd24-mod_ldap-2.4.34-22.el7.1.x86_64.rpm
MD5: a771659b36f2184c02cd27ad333c221b
SHA-256: 7653e2cb8aba26b0ca53e4d7b1cb5b0566236d69a2098c3797d74a3f3666e856
Size: 71.00 kB - httpd24-mod_proxy_html-2.4.34-22.el7.1.x86_64.rpm
MD5: 64a4a27a2f439995249df3973ceaa358
SHA-256: 18ca0e3d08ba3bd7a5b37a5e35d9064d9033f6c119a3239770684176f804d677
Size: 49.18 kB - httpd24-mod_session-2.4.34-22.el7.1.x86_64.rpm
MD5: c42fafb2cad1ccfabe01dacbd9b1bb38
SHA-256: cb17da807a10f1d53b883b334d8216df1aed67b719c790f70cd9e03c96b2c9dd
Size: 60.09 kB - httpd24-mod_ssl-2.4.34-22.el7.1.x86_64.rpm
MD5: e70edb508a875cc0449e75257beb5ab5
SHA-256: d6a7c6d5f727f26d3a9532522e8d3ae10706b3594cbcf085132e385fcd057599
Size: 115.36 kB