- Vulnerability/
- RHSA-2023:1916
RHSA-2023:1916: Important: httpd and mod_http2 security update
First published: Thu Apr 20 2023(Updated: )
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.<br>Security Fix(es):<br><li> httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/httpd | <2.4.51-7.el9_0.4 | 2.4.51-7.el9_0.4 |
| redhat/httpd | <2.4.51-7.el9_0.4 | 2.4.51-7.el9_0.4 |
| redhat/httpd-debuginfo | <2.4.51-7.el9_0.4 | 2.4.51-7.el9_0.4 |
| redhat/httpd-debugsource | <2.4.51-7.el9_0.4 | 2.4.51-7.el9_0.4 |
| redhat/httpd-devel | <2.4.51-7.el9_0.4 | 2.4.51-7.el9_0.4 |
| redhat/httpd-filesystem | <2.4.51-7.el9_0.4 | 2.4.51-7.el9_0.4 |
| redhat/httpd-manual | <2.4.51-7.el9_0.4 | 2.4.51-7.el9_0.4 |
| redhat/httpd-tools | <2.4.51-7.el9_0.4 | 2.4.51-7.el9_0.4 |
| redhat/httpd-tools-debuginfo | <2.4.51-7.el9_0.4 | 2.4.51-7.el9_0.4 |
| redhat/httpd-debuginfo | <2.4.51-7.el9_0.4 | 2.4.51-7.el9_0.4 |
| redhat/httpd-debugsource | <2.4.51-7.el9_0.4 | 2.4.51-7.el9_0.4 |
| redhat/httpd-devel | <2.4.51-7.el9_0.4 | 2.4.51-7.el9_0.4 |
| redhat/httpd-tools | <2.4.51-7.el9_0.4 | 2.4.51-7.el9_0.4 |
| redhat/httpd-tools-debuginfo | <2.4.51-7.el9_0.4 | 2.4.51-7.el9_0.4 |
| redhat/httpd | <2.4.51-7.el9_0.4 | 2.4.51-7.el9_0.4 |
| redhat/httpd-debuginfo | <2.4.51-7.el9_0.4 | 2.4.51-7.el9_0.4 |
| redhat/httpd-debugsource | <2.4.51-7.el9_0.4 | 2.4.51-7.el9_0.4 |
| redhat/httpd-devel | <2.4.51-7.el9_0.4 | 2.4.51-7.el9_0.4 |
| redhat/httpd-tools | <2.4.51-7.el9_0.4 | 2.4.51-7.el9_0.4 |
| redhat/httpd-tools-debuginfo | <2.4.51-7.el9_0.4 | 2.4.51-7.el9_0.4 |
| redhat/httpd | <2.4.51-7.el9_0.4.aa | 2.4.51-7.el9_0.4.aa |
| redhat/httpd-debuginfo | <2.4.51-7.el9_0.4.aa | 2.4.51-7.el9_0.4.aa |
| redhat/httpd-debugsource | <2.4.51-7.el9_0.4.aa | 2.4.51-7.el9_0.4.aa |
| redhat/httpd-devel | <2.4.51-7.el9_0.4.aa | 2.4.51-7.el9_0.4.aa |
| redhat/httpd-tools | <2.4.51-7.el9_0.4.aa | 2.4.51-7.el9_0.4.aa |
| redhat/httpd-tools-debuginfo | <2.4.51-7.el9_0.4.aa | 2.4.51-7.el9_0.4.aa |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of RHSA-2023:1916?
The severity of RHSA-2023:1916 is classified as important.
What vulnerability is addressed in RHSA-2023:1916?
RHSA-2023:1916 addresses HTTP request splitting with mod_rewrite and mod_proxy identified by CVE-2023-25690.
How do I fix RHSA-2023:1916?
To fix RHSA-2023:1916, update the httpd package to version 2.4.51-7.el9_0.4 or later.
Which packages are affected by RHSA-2023:1916?
The affected packages in RHSA-2023:1916 include httpd, httpd-debuginfo, httpd-tools, and several others.
When was RHSA-2023:1916 released?
RHSA-2023:1916 was released to address vulnerabilities on a specified date which is important for patch management.
- agent/severity
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- agent/references
- agent/title
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2023:1916
- agent/software-canonical-lookup
- package-manager/redhat