- Vulnerability/
- RHSA-2023:1547
RHSA-2023:1547: Important: httpd:2.4 security update
First published: Mon Apr 03 2023(Updated: )
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.<br>Security Fix(es):<br><li> httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/httpd | <2.4.37-16.module+el8.1.0+18511+ffefe478.6 | 2.4.37-16.module+el8.1.0+18511+ffefe478.6 |
| redhat/httpd-filesystem | <2.4.37-16.module+el8.1.0+18511+ffefe478.6 | 2.4.37-16.module+el8.1.0+18511+ffefe478.6 |
| redhat/httpd-manual | <2.4.37-16.module+el8.1.0+18511+ffefe478.6 | 2.4.37-16.module+el8.1.0+18511+ffefe478.6 |
| redhat/httpd | <2.4.37-16.module+el8.1.0+18511+ffefe478.6 | 2.4.37-16.module+el8.1.0+18511+ffefe478.6 |
| redhat/httpd-debuginfo | <2.4.37-16.module+el8.1.0+18511+ffefe478.6 | 2.4.37-16.module+el8.1.0+18511+ffefe478.6 |
| redhat/httpd-debugsource | <2.4.37-16.module+el8.1.0+18511+ffefe478.6 | 2.4.37-16.module+el8.1.0+18511+ffefe478.6 |
| redhat/httpd-devel | <2.4.37-16.module+el8.1.0+18511+ffefe478.6 | 2.4.37-16.module+el8.1.0+18511+ffefe478.6 |
| redhat/httpd-tools | <2.4.37-16.module+el8.1.0+18511+ffefe478.6 | 2.4.37-16.module+el8.1.0+18511+ffefe478.6 |
| redhat/httpd-tools-debuginfo | <2.4.37-16.module+el8.1.0+18511+ffefe478.6 | 2.4.37-16.module+el8.1.0+18511+ffefe478.6 |
| redhat/httpd | <2.4.37-16.module+el8.1.0+18511+ffefe478.6 | 2.4.37-16.module+el8.1.0+18511+ffefe478.6 |
| redhat/httpd-debuginfo | <2.4.37-16.module+el8.1.0+18511+ffefe478.6 | 2.4.37-16.module+el8.1.0+18511+ffefe478.6 |
| redhat/httpd-debugsource | <2.4.37-16.module+el8.1.0+18511+ffefe478.6 | 2.4.37-16.module+el8.1.0+18511+ffefe478.6 |
| redhat/httpd-devel | <2.4.37-16.module+el8.1.0+18511+ffefe478.6 | 2.4.37-16.module+el8.1.0+18511+ffefe478.6 |
| redhat/httpd-tools | <2.4.37-16.module+el8.1.0+18511+ffefe478.6 | 2.4.37-16.module+el8.1.0+18511+ffefe478.6 |
| redhat/httpd-tools-debuginfo | <2.4.37-16.module+el8.1.0+18511+ffefe478.6 | 2.4.37-16.module+el8.1.0+18511+ffefe478.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of RHSA-2023:1547?
RHSA-2023:1547 has been classified with a high severity level due to the potential for HTTP request splitting vulnerabilities.
How do I fix RHSA-2023:1547?
To fix RHSA-2023:1547, update the affected httpd packages to version 2.4.37-16.module+el8.1.0+18511+ffefe478.6 or later.
What vulnerabilities are addressed in RHSA-2023:1547?
RHSA-2023:1547 addresses the HTTP request splitting vulnerability involving mod_rewrite and mod_proxy, identified as CVE-2023-25690.
Which packages are affected by RHSA-2023:1547?
The affected packages in RHSA-2023:1547 include httpd, httpd-filesystem, httpd-manual, and others in the Red Hat ecosystem.
Is a restart required after applying the fix for RHSA-2023:1547?
Yes, a restart of the Apache HTTP server is typically required after applying the fix for RHSA-2023:1547.
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/title
- agent/description
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2023:1547
- agent/software-canonical-lookup
- agent/references
- agent/event
- agent/tags
- agent/source
- package-manager/redhat