What is the severity of RHSA-2015:1667?

The severity of RHSA-2015:1667 is classified as moderate.

How do I fix RHSA-2015:1667?

To fix RHSA-2015:1667, you should update the affected httpd packages to version 2.4.6-31.el7_1.1 or later.

Which versions of httpd are affected by RHSA-2015:1667?

All versions of httpd prior to 2.4.6-31.el7_1.1 are affected by RHSA-2015:1667.

What types of attacks does RHSA-2015:1667 protect against?

RHSA-2015:1667 addresses vulnerabilities that could allow remote attackers to exploit HTTP request and response parsing issues.

Is RHSA-2015:1667 relevant for httpd-debuginfo and httpd-devel packages?

Yes, RHSA-2015:1667 applies to httpd-debuginfo and httpd-devel packages, requiring updates for those as well.

Vulnerability/
RHSA-2015:1667

24/8/2015

RHSA-2015:1667: Moderate: httpd security update

First published: Mon Aug 24 2015(Updated: )

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183) It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. (CVE-2015-3185) All httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd service will be restarted automatically.

Affected Software	Affected Version	How to fix
redhat/httpd	<2.4.6-31.el7_1.1	2.4.6-31.el7_1.1
redhat/httpd-debuginfo	<2.4.6-31.el7_1.1	2.4.6-31.el7_1.1
redhat/httpd-devel	<2.4.6-31.el7_1.1	2.4.6-31.el7_1.1
redhat/httpd-manual	<2.4.6-31.el7_1.1	2.4.6-31.el7_1.1
redhat/httpd-tools	<2.4.6-31.el7_1.1	2.4.6-31.el7_1.1
redhat/httpd	<2.4.6-31.el7_1.1	2.4.6-31.el7_1.1
redhat/httpd-debuginfo	<2.4.6-31.el7_1.1	2.4.6-31.el7_1.1
redhat/httpd-devel	<2.4.6-31.el7_1.1	2.4.6-31.el7_1.1
redhat/httpd-tools	<2.4.6-31.el7_1.1	2.4.6-31.el7_1.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2015:1667?
The severity of RHSA-2015:1667 is classified as moderate.
How do I fix RHSA-2015:1667?
To fix RHSA-2015:1667, you should update the affected httpd packages to version 2.4.6-31.el7_1.1 or later.
Which versions of httpd are affected by RHSA-2015:1667?
All versions of httpd prior to 2.4.6-31.el7_1.1 are affected by RHSA-2015:1667.
What types of attacks does RHSA-2015:1667 protect against?
RHSA-2015:1667 addresses vulnerabilities that could allow remote attackers to exploit HTTP request and response parsing issues.
Is RHSA-2015:1667 relevant for httpd-debuginfo and httpd-devel packages?
Yes, RHSA-2015:1667 applies to httpd-debuginfo and httpd-devel packages, requiring updates for those as well.

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/remedy
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
collector/redhat-errata
anchor-id/RHSA-2015:1667
package-manager/redhat

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.