Security Advisory Details

NS-SA-2023-1001

2023-04-20 14:54:03

Summary

critical: httpd security update

Severity

moderate

Topic

An update for httpd is now available for NewStart CGSL MAIN V6.06.
NewStart Security has rated this update as having a security impact of critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Detailed Description

httpd: Out-of-bounds write in ap_escape_quotes() via malicious input
httpd: mod_lua: Possible buffer overflow when parsing multipart content
httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling
httpd: mod_http2 concurrent pool usage
httpd: mod_session: NULL pointer dereference when parsing Cookie header
httpd: URL normalization inconsistency
httpd: mod_rewrite potential open redirect
httpd: mod_http2: DoS via slow, unneeded request bodies
Solution:
Remember the build tag is 6.06.02B5.

Affected Components

  • httpd

Affected Products

  • CGSL MAIN V6.06

Updated Packages

CGSL MAIN V6.06
  • httpd-2.4.37-47.0.1.zncgsl6.src.rpm
    • httpd-2.4.37-47.0.1.zncgsl6.x86_64.rpm

CVE

References

© 2004-2023 广东中兴新支点技术有限公司. All rights reserved. (www.gd-linux.com) 粤ICP备15061780号-2
