What is the severity of RHSA-2021:3837?

The severity of RHSA-2021:3837 is rated as important due to the SSRF vulnerability found in mod_proxy.

How do I fix RHSA-2021:3837?

To fix RHSA-2021:3837, update the httpd package to version 2.4.37-16.module+el8.1.0+12900+7e6e5641.1 or later.

What vulnerabilities are addressed in RHSA-2021:3837?

RHSA-2021:3837 addresses a SSRF vulnerability described as CVE-2021-40438 in the Apache mod_proxy module.

Which versions of httpd are affected by RHSA-2021:3837?

RHSA-2021:3837 affects httpd versions prior to 2.4.37-16.module+el8.1.0+12900+7e6e5641.1.

Is there any workaround for RHSA-2021:3837?

The best course of action for RHSA-2021:3837 is to apply the available patches and updates as there are no official workarounds provided.

Vulnerability/
RHSA-2021:3837

CWE

918

13/10/2021

20/6/2024

RHSA-2021:3837: Important: httpd:2.4 security update

First published: Wed Oct 13 2021(Updated: )

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.<br>Security Fix(es):<br><li> httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" (CVE-2021-40438)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Never miss a vulnerability like this again

Reference Links

https://access.redhat.com/errata/RHSA-2021:3837 (Advisory)

Frequently Asked Questions

What is the severity of RHSA-2021:3837?
The severity of RHSA-2021:3837 is rated as important due to the SSRF vulnerability found in mod_proxy.
How do I fix RHSA-2021:3837?
To fix RHSA-2021:3837, update the httpd package to version 2.4.37-16.module+el8.1.0+12900+7e6e5641.1 or later.
What vulnerabilities are addressed in RHSA-2021:3837?
RHSA-2021:3837 addresses a SSRF vulnerability described as CVE-2021-40438 in the Apache mod_proxy module.
Which versions of httpd are affected by RHSA-2021:3837?
RHSA-2021:3837 affects httpd versions prior to 2.4.37-16.module+el8.1.0+12900+7e6e5641.1.
Is there any workaround for RHSA-2021:3837?
The best course of action for RHSA-2021:3837 is to apply the available patches and updates as there are no official workarounds provided.

agent/severity
agent/type
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/title
agent/remedy
agent/references
agent/weakness
agent/tags
agent/description
agent/event
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2021:3837
agent/software-canonical-lookup
package-manager/redhat

Frequently Asked Questions

What is the severity of RHSA-2021:3837?
The severity of RHSA-2021:3837 is rated as important due to the SSRF vulnerability found in mod_proxy.
How do I fix RHSA-2021:3837?
To fix RHSA-2021:3837, update the httpd package to version 2.4.37-16.module+el8.1.0+12900+7e6e5641.1 or later.
What vulnerabilities are addressed in RHSA-2021:3837?
RHSA-2021:3837 addresses a SSRF vulnerability described as CVE-2021-40438 in the Apache mod_proxy module.
Which versions of httpd are affected by RHSA-2021:3837?
RHSA-2021:3837 affects httpd versions prior to 2.4.37-16.module+el8.1.0+12900+7e6e5641.1.
Is there any workaround for RHSA-2021:3837?
The best course of action for RHSA-2021:3837 is to apply the available patches and updates as there are no official workarounds provided.

RHSA-2021:3837: Important: httpd:2.4 security update

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2021:3837?

How do I fix RHSA-2021:3837?

What vulnerabilities are addressed in RHSA-2021:3837?

Which versions of httpd are affected by RHSA-2021:3837?

Is there any workaround for RHSA-2021:3837?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of RHSA-2021:3837?

How do I fix RHSA-2021:3837?

What vulnerabilities are addressed in RHSA-2021:3837?

Which versions of httpd are affected by RHSA-2021:3837?

Is there any workaround for RHSA-2021:3837?

Affected Software	Affected Version	How to fix
redhat/httpd	<2.4.37-16.module+el8.1.0+12900+7e6e5641.1	2.4.37-16.module+el8.1.0+12900+7e6e5641.1
redhat/httpd	<2.4.37-16.module+el8.1.0+12900+7e6e5641.1	2.4.37-16.module+el8.1.0+12900+7e6e5641.1
redhat/httpd-debuginfo	<2.4.37-16.module+el8.1.0+12900+7e6e5641.1	2.4.37-16.module+el8.1.0+12900+7e6e5641.1
redhat/httpd-debugsource	<2.4.37-16.module+el8.1.0+12900+7e6e5641.1	2.4.37-16.module+el8.1.0+12900+7e6e5641.1
redhat/httpd-devel	<2.4.37-16.module+el8.1.0+12900+7e6e5641.1	2.4.37-16.module+el8.1.0+12900+7e6e5641.1
redhat/httpd-filesystem	<2.4.37-16.module+el8.1.0+12900+7e6e5641.1	2.4.37-16.module+el8.1.0+12900+7e6e5641.1
redhat/httpd-manual	<2.4.37-16.module+el8.1.0+12900+7e6e5641.1	2.4.37-16.module+el8.1.0+12900+7e6e5641.1
redhat/httpd-tools	<2.4.37-16.module+el8.1.0+12900+7e6e5641.1	2.4.37-16.module+el8.1.0+12900+7e6e5641.1
redhat/httpd-tools-debuginfo	<2.4.37-16.module+el8.1.0+12900+7e6e5641.1	2.4.37-16.module+el8.1.0+12900+7e6e5641.1
redhat/httpd-debuginfo	<2.4.37-16.module+el8.1.0+12900+7e6e5641.1	2.4.37-16.module+el8.1.0+12900+7e6e5641.1
redhat/httpd-debugsource	<2.4.37-16.module+el8.1.0+12900+7e6e5641.1	2.4.37-16.module+el8.1.0+12900+7e6e5641.1
redhat/httpd-devel	<2.4.37-16.module+el8.1.0+12900+7e6e5641.1	2.4.37-16.module+el8.1.0+12900+7e6e5641.1
redhat/httpd-tools	<2.4.37-16.module+el8.1.0+12900+7e6e5641.1	2.4.37-16.module+el8.1.0+12900+7e6e5641.1
redhat/httpd-tools-debuginfo	<2.4.37-16.module+el8.1.0+12900+7e6e5641.1	2.4.37-16.module+el8.1.0+12900+7e6e5641.1
redhat/httpd	<2.4.37-16.module+el8.1.0+12900+7e6e5641.1	2.4.37-16.module+el8.1.0+12900+7e6e5641.1
redhat/httpd-debuginfo	<2.4.37-16.module+el8.1.0+12900+7e6e5641.1	2.4.37-16.module+el8.1.0+12900+7e6e5641.1
redhat/httpd-debugsource	<2.4.37-16.module+el8.1.0+12900+7e6e5641.1	2.4.37-16.module+el8.1.0+12900+7e6e5641.1
redhat/httpd-devel	<2.4.37-16.module+el8.1.0+12900+7e6e5641.1	2.4.37-16.module+el8.1.0+12900+7e6e5641.1
redhat/httpd-tools	<2.4.37-16.module+el8.1.0+12900+7e6e5641.1	2.4.37-16.module+el8.1.0+12900+7e6e5641.1
redhat/httpd-tools-debuginfo	<2.4.37-16.module+el8.1.0+12900+7e6e5641.1	2.4.37-16.module+el8.1.0+12900+7e6e5641.1
redhat/httpd	<2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aa	2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aa
redhat/httpd-debuginfo	<2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aa	2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aa
redhat/httpd-debugsource	<2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aa	2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aa
redhat/httpd-devel	<2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aa	2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aa
redhat/httpd-tools	<2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aa	2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aa
redhat/httpd-tools-debuginfo	<2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aa	2.4.37-16.module+el8.1.0+12900+7e6e5641.1.aa