httpd-2.4.6-97.1.0.1.el7.AXS7
エラータID: AXSA:2021-2480:01
Release date:
Friday, October 15, 2021 - 07:07
Subject:
httpd-2.4.6-97.1.0.1.el7.AXS7
Affected Channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
* httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" (CVE-2021-40438)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2021-40438
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
Solution:
Update packages.
CVEs:
CVE-2021-40438
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
Additional Info:
N/A
Download:
SRPMS
- httpd-2.4.6-97.1.0.1.el7.AXS7.src.rpm
MD5: 20c105d31954b5bd1cbecf9f427cd65f
SHA-256: 111c9c7ba9a593e28c5f4d42f0be6ccf79e7b548aa52596dce9122e5769dc6a9
Size: 4.98 MB
Asianux Server 7 for x86_64
- httpd-2.4.6-97.1.0.1.el7.AXS7.x86_64.rpm
MD5: 54bc98f64a879ecaa419a7c33bff07d3
SHA-256: e9d05900ee5153caa3d948a1b5a74b2c4d99cc523d52bb05ed42648c846faac8
Size: 1.19 MB - httpd-devel-2.4.6-97.1.0.1.el7.AXS7.x86_64.rpm
MD5: af868841b54efb45ad96df4b6c2aa832
SHA-256: 4ebe85297251f8fbfe5df1b832388040516f8a1bfad8584ff202969abb11d6bc
Size: 198.62 kB - httpd-manual-2.4.6-97.1.0.1.el7.AXS7.noarch.rpm
MD5: 49d1b34d78b0c68fa54debdbe7a0bf8f
SHA-256: 8a7ab693a52d4048f1416eac916639bfa64f184d637bc352b01f50a21dd1397c
Size: 1.34 MB - httpd-tools-2.4.6-97.1.0.1.el7.AXS7.x86_64.rpm
MD5: c09783036dd56b9ffac4b626768016ea
SHA-256: 2ae21fb2450b2257efd5bb999815a8cbed126dc806ced7d0b450bac03172dd1b
Size: 92.47 kB - mod_session-2.4.6-97.1.0.1.el7.AXS7.x86_64.rpm
MD5: 340d9306a085465f7010be3621c1df41
SHA-256: 98708b5bdead965b1a49363a08190e3fd5fe46d29b201c0e20d9263dfdc87a9c
Size: 62.52 kB - mod_ssl-2.4.6-97.1.0.1.el7.AXS7.x86_64.rpm
MD5: b36e1fb1d2dec90b77d8a51996faebc2
SHA-256: 3b8eb522e584285cad5503b855eca80ef79b35c83ad4d43d82bb832d7f184fd7
Size: 113.62 kB