Security Advisory Details

NS-SA-2021-0188

2021-09-25 14:54:03

Summary

critical: httpd security update

Severity

moderate

Topic

An update for httpd is now available for NewStart CGSL MAIN V6.02.
NewStart Security has rated this update as having a security impact of critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Detailed Description

httpd: Out-of-bounds write in ap_escape_quotes() via malicious input
httpd: mod_lua: Possible buffer overflow when parsing multipart content
httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling
httpd: mod_http2 concurrent pool usage
httpd: mod_session: NULL pointer dereference when parsing Cookie header
httpd: URL normalization inconsistency
httpd: mod_rewrite potential open redirect
httpd: mod_http2: DoS via slow, unneeded request bodies
Solution:
Remember the build tag is 6.02.B0B9.

Affected Components

  • httpd

Affected Products

  • CGSL MAIN V6.02

Update Packages

CGSL MAIN V6.02
  • httpd-2.4.37-43.module+el8.5.0+14530+6f259f31.3.x86_64.src.rpm
    • httpd-2.4.37-43.module+el8.5.0+14530+6f259f31.3.x86_64.rpm

CVE

References
