httpd-2.4.6-99.1.0.4.el7.AXS7

エラータID: AXSA:2024-8819:06

Release date: 
Friday, September 20, 2024 - 16:52
Subject: 
httpd-2.4.6-99.1.0.4.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The Apache HTTP Server is a powerful, efficient, and extensible web server.

Security Fix(es):

* CVE-2023-38709: faulty input validation in the core of Apache allows malicious
or exploitable backend/content generators to split HTTP responses
* CVE-2024-24795: HTTP response splitting in multiple modules allows an attacker
that can inject malicious response headers into backend applications to cause an
HTTP desynchronization attack

CVE(s):
CVE-2024-24795
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.
CVE-2023-38709
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.

Solution: 

Update packages.

CVEs: 
CVE-2023-38709
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.
CVE-2024-24795
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.
Additional Info: 

N/A

Download: 

Asianux Server 7 for x86_64
  1. httpd-2.4.6-99.1.0.4.el7.AXS7.x86_64.rpm
    MD5: 145f06bed1817634da506c0996c6b771
    SHA-256: cab22b9509ee2d75107833f6b9ece3ceee83e922a21e9bbeb7075cdacff1cd94
    Size: 1.20 MB
  2. httpd-devel-2.4.6-99.1.0.4.el7.AXS7.x86_64.rpm
    MD5: ce04fc5ae75139e6ec4d764edaab5945
    SHA-256: b144e6511ea15a3af792f17ea0c61f4879becc16444ef2d31a43a12c35acfb58
    Size: 201.77 kB
  3. httpd-manual-2.4.6-99.1.0.4.el7.AXS7.noarch.rpm
    MD5: 19c1f4dcb6485b2a858f63d8bd97e7ff
    SHA-256: 6467e8026f87972ee960444a9876b28cc36dd964c6921c1bd4acde233c97c03c
    Size: 1.35 MB
  4. httpd-tools-2.4.6-99.1.0.4.el7.AXS7.x86_64.rpm
    MD5: 3809e8737984f07b351eab34d85ee6fa
    SHA-256: 329b219b659c8b96ef066d89b32919f24068342af953211cac95398975835d1e
    Size: 94.74 kB
  5. mod_session-2.4.6-99.1.0.4.el7.AXS7.x86_64.rpm
    MD5: c9e0a4654732d31439c0d3d9209c5544
    SHA-256: c269298a6ebe11f755ef9e0c8a43b877b3759f6619c00f819d927a945f97a8c4
    Size: 64.81 kB
  6. mod_ssl-2.4.6-99.1.0.4.el7.AXS7.x86_64.rpm
    MD5: 5a5cf42afc966970c29fa1424c9d5146
    SHA-256: 8166c17c9513250464016a139d7f425cc79416208bbe66d6ad93ad0efb2c3df1
    Size: 115.91 kB