- Vulnerability/
- RHSA-2020:3958
RHSA-2020:3958: Moderate: httpd security, bug fix, and enhancement update
First published: Tue Sep 29 2020(Updated: )
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.<br>Security Fix(es):<br><li> httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications (CVE-2018-1283)</li> <li> httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS (CVE-2018-1303)</li> <li> httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)</li> <li> httpd: <FilesMatch> bypass with a trailing newline in the file name (CVE-2017-15715)</li> <li> httpd: mod_rewrite potential open redirect (CVE-2019-10098)</li> <li> httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Additional Changes:<br>For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/httpd | <2.4.6-95.el7 | 2.4.6-95.el7 |
| redhat/httpd | <2.4.6-95.el7 | 2.4.6-95.el7 |
| redhat/httpd-debuginfo | <2.4.6-95.el7 | 2.4.6-95.el7 |
| redhat/httpd-devel | <2.4.6-95.el7 | 2.4.6-95.el7 |
| redhat/httpd-manual | <2.4.6-95.el7 | 2.4.6-95.el7 |
| redhat/httpd-tools | <2.4.6-95.el7 | 2.4.6-95.el7 |
| redhat/httpd-debuginfo | <2.4.6-95.el7 | 2.4.6-95.el7 |
| redhat/httpd-devel | <2.4.6-95.el7 | 2.4.6-95.el7 |
| redhat/httpd-tools | <2.4.6-95.el7 | 2.4.6-95.el7 |
| redhat/httpd | <2.4.6-95.el7 | 2.4.6-95.el7 |
| redhat/httpd-debuginfo | <2.4.6-95.el7 | 2.4.6-95.el7 |
| redhat/httpd-devel | <2.4.6-95.el7 | 2.4.6-95.el7 |
| redhat/httpd-tools | <2.4.6-95.el7 | 2.4.6-95.el7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1560395
- https://bugzilla.redhat.com/show_bug.cgi?id=1560399
- https://bugzilla.redhat.com/show_bug.cgi?id=1560614
- https://bugzilla.redhat.com/show_bug.cgi?id=1715981
- https://bugzilla.redhat.com/show_bug.cgi?id=1724879
- https://bugzilla.redhat.com/show_bug.cgi?id=1743959
- https://bugzilla.redhat.com/show_bug.cgi?id=1820761
- https://bugzilla.redhat.com/show_bug.cgi?id=1820772
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index
- https://access.redhat.com/errata/RHSA-2020:3958 (Advisory)
Frequently Asked Questions
What is the severity of RHSA-2020:3958?
The severity of RHSA-2020:3958 is classified as moderate due to improper handling of HTTP headers in mod_session.
How do I fix RHSA-2020:3958?
To fix RHSA-2020:3958, update the httpd packages to version 2.4.6-95.el7 or later.
Which packages are affected by RHSA-2020:3958?
The affected packages include httpd, httpd-debuginfo, httpd-devel, httpd-manual, and httpd-tools.
What vulnerabilities are addressed in RHSA-2020:3958?
RHSA-2020:3958 addresses vulnerabilities involving improper handling of headers in mod_session that may allow remote session data modification.
Is RHSA-2020:3958 applicable to multiple architectures?
Yes, RHSA-2020:3958 is applicable to multiple architectures including x86_64 and ppc64le.
- agent/severity
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/remedy
- agent/title
- agent/references
- agent/softwarecombine
- agent/description
- agent/event
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2020:3958
- agent/software-canonical-lookup
- agent/trending
- agent/tags
- agent/source
- package-manager/redhat