What is the severity of RHSA-2021:3746?

The severity of RHSA-2021:3746 is classified as important.

How do I fix RHSA-2021:3746?

To fix RHSA-2021:3746, update to the patched version 2.4.37-76.el8 or 2.4.37-76.jbcs.el7 of the affected JBoss Core Services Apache HTTP packages.

What software is affected by RHSA-2021:3746?

RHSA-2021:3746 affects the JBoss Core Services Apache HTTP Server version 2.4.37, specifically the packages related to it.

Is RHSA-2021:3746 applicable to both EL7 and EL8 systems?

Yes, RHSA-2021:3746 is applicable to systems running on both EL7 and EL8.

When was RHSA-2021:3746 released?

RHSA-2021:3746 was released as part of a security update for Red Hat JBoss Core Services.

Vulnerability/
RHSA-2021:3746

CWE

918

7/10/2021

RHSA-2021:3746: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP9 security update

First published: Thu Oct 07 2021(Updated: )

This release adds the new Apache HTTP Server 2.4.37 Service Pack 9 packages that are part of the JBoss Core Services offering.<br>This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 8 and includes an important security update. Refer to the Release Notes for information on the security fix included in this release.<br>Security Fix(es):<br><li> httpd: mod_proxy: SSRF via a crafted request uri-path (CVE-2021-40438)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Software	Affected Version	How to fix
redhat/jbcs-httpd24-httpd	<2.4.37-76.el8	2.4.37-76.el8
redhat/jbcs-httpd24-httpd-debuginfo	<2.4.37-76.el8	2.4.37-76.el8
redhat/jbcs-httpd24-httpd-devel	<2.4.37-76.el8	2.4.37-76.el8
redhat/jbcs-httpd24-httpd-manual	<2.4.37-76.el8	2.4.37-76.el8
redhat/jbcs-httpd24-httpd-selinux	<2.4.37-76.el8	2.4.37-76.el8
redhat/jbcs-httpd24-httpd-tools	<2.4.37-76.el8	2.4.37-76.el8
redhat/jbcs-httpd24-httpd-tools-debuginfo	<2.4.37-76.el8	2.4.37-76.el8
redhat/jbcs-httpd24-httpd	<2.4.37-76.jbcs.el7	2.4.37-76.jbcs.el7
redhat/jbcs-httpd24-httpd	<2.4.37-76.jbcs.el7	2.4.37-76.jbcs.el7
redhat/jbcs-httpd24-httpd-debuginfo	<2.4.37-76.jbcs.el7	2.4.37-76.jbcs.el7
redhat/jbcs-httpd24-httpd-devel	<2.4.37-76.jbcs.el7	2.4.37-76.jbcs.el7
redhat/jbcs-httpd24-httpd-manual	<2.4.37-76.jbcs.el7	2.4.37-76.jbcs.el7
redhat/jbcs-httpd24-httpd-selinux	<2.4.37-76.jbcs.el7	2.4.37-76.jbcs.el7
redhat/jbcs-httpd24-httpd-tools	<2.4.37-76.jbcs.el7	2.4.37-76.jbcs.el7

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2021:3746?
The severity of RHSA-2021:3746 is classified as important.
How do I fix RHSA-2021:3746?
To fix RHSA-2021:3746, update to the patched version 2.4.37-76.el8 or 2.4.37-76.jbcs.el7 of the affected JBoss Core Services Apache HTTP packages.
What software is affected by RHSA-2021:3746?
RHSA-2021:3746 affects the JBoss Core Services Apache HTTP Server version 2.4.37, specifically the packages related to it.
Is RHSA-2021:3746 applicable to both EL7 and EL8 systems?
Yes, RHSA-2021:3746 is applicable to systems running on both EL7 and EL8.
When was RHSA-2021:3746 released?
RHSA-2021:3746 was released as part of a security update for Red Hat JBoss Core Services.

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/remedy
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
agent/weakness
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2021:3746
agent/software-canonical-lookup
package-manager/redhat