Apache CVE's
Posted: 2019/06/12 12:30:43
Hello
Currently running the following version of Apache HTTPd
httpd-2.4.6.89.el7-centos.x86_64
We have had a security scan which has identified the following vulnerabilities
Apache HTTPD: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312)
Apache HTTPD: Out of bound write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710)
Apache HTTPD: Possible out of bound read in mod_cache_socache (CVE-2018-1303)
Apache HTTPD: mod_session_cookie does not respect expiry time (CVE-2018-17199)
Are these currently in the build provided above? I can't see the CVE's in the change notes, but I can see they were patch on RedHat httpd24-httpd-2.4.34-7.el7
CVE Information:
https://access.redhat.com/security/cve/CVE-2018-1312 (Affected)
https://access.redhat.com/security/cve/CVE-2017-15710 (Affected)
https://access.redhat.com/security/cve/CVE-2018-1303 (Affected)
https://access.redhat.com/security/cve/CVE-2018-17199 (Affected)
Red Hat Security Advisories:
https://rhn.redhat.com/errata/RHSA-2018-3558.html
https://rhn.redhat.com/errata/RHSA-2018-3558.html
https://rhn.redhat.com/errata/RHSA-2018-3558.html
Currently running the following version of Apache HTTPd
httpd-2.4.6.89.el7-centos.x86_64
We have had a security scan which has identified the following vulnerabilities
Apache HTTPD: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312)
Apache HTTPD: Out of bound write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710)
Apache HTTPD: Possible out of bound read in mod_cache_socache (CVE-2018-1303)
Apache HTTPD: mod_session_cookie does not respect expiry time (CVE-2018-17199)
Are these currently in the build provided above? I can't see the CVE's in the change notes, but I can see they were patch on RedHat httpd24-httpd-2.4.34-7.el7
CVE Information:
https://access.redhat.com/security/cve/CVE-2018-1312 (Affected)
https://access.redhat.com/security/cve/CVE-2017-15710 (Affected)
https://access.redhat.com/security/cve/CVE-2018-1303 (Affected)
https://access.redhat.com/security/cve/CVE-2018-17199 (Affected)
Red Hat Security Advisories:
https://rhn.redhat.com/errata/RHSA-2018-3558.html
https://rhn.redhat.com/errata/RHSA-2018-3558.html
https://rhn.redhat.com/errata/RHSA-2018-3558.html