{ "document": { "aggregate_severity": { "namespace": "https://nvd.nist.gov/vuln-metrics/cvss", "text": "High" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "text": "httpd security update", "category": "general", "title": "Synopsis" }, { "text": "An update for httpd is now available for openEuler-24.03-LTS", "category": "general", "title": "Summary" }, { "text": "Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server.\n\nSecurity Fix(es):\n\nServing WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.(CVE-2024-36387)\n\nSubstitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in\ndirectories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.\n\nSome RewriteRules that capture and substitute unsafely will now fail unless rewrite flag \"UnsafeAllow3F\" is specified.(CVE-2024-38474)\n\nnull pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.(CVE-2024-38477)", "category": "general", "title": "Description" }, { "text": "An update for httpd is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of high. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "category": "general", "title": "Topic" }, { "text": "High", "category": "general", "title": "Severity" }, { "text": "httpd", "category": "general", "title": "Affected Component" } ], "publisher": { "issuing_authority": "openEuler security committee", "name": "openEuler", "namespace": "https://www.openeuler.org", "contact_details": "openeuler-security@openeuler.org", "category": "vendor" }, "references": [ { "summary": "openEuler-SA-2024-1854", "category": "self", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1854" }, { "summary": "CVE-2024-36387", "category": "self", "url": "https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36387&packageName=httpd" }, { "summary": "CVE-2024-38474", "category": "self", "url": "https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38474&packageName=httpd" }, { "summary": "CVE-2024-38477", "category": "self", "url": "https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38477&packageName=httpd" }, { "summary": "nvd cve", "category": "external", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36387" }, { "summary": "nvd cve", "category": "external", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38474" }, { "summary": "nvd cve", "category": "external", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38477" }, { "summary": "openEuler-SA-2024-1854 vex file", "category": "self", "url": "https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1854.json" } ], "title": "An update for httpd is now available for openEuler-24.03-LTS", "tracking": { "initial_release_date": "2024-07-19T21:23:52+08:00", "revision_history": [ { "date": "2024-07-19T21:23:52+08:00", "summary": "Initial", "number": "1.0.0" }, { "date": "2024-07-22T14:33:00+08:00", 
"summary": "final", "number": "2.0.0" } ], "generator": { "date": "2024-07-22T14:33:00+08:00", "engine": { "name": "openEuler CSAF Tool V1.0" } }, "current_release_date": "2024-07-22T14:33:00+08:00", "id": "openEuler-SA-2024-1854", "version": "2.0.0", "status": "final" } }, "product_tree": { "branches": [ { "name": "openEuler", "category": "vendor", "branches": [ { "name": "openEuler", "branches": [ { "product": { "product_identification_helper": { "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id": "openEuler-24.03-LTS", "name": "openEuler-24.03-LTS" }, "name": "openEuler-24.03-LTS", "category": "product_version" } ], "category": "product_name" }, { "name": "aarch64", "branches": [ { "product": { "product_identification_helper": { "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id": "httpd-2.4.58-6.oe2403.aarch64.rpm", "name": "httpd-2.4.58-6.oe2403.aarch64.rpm" }, "name": "httpd-2.4.58-6.oe2403.aarch64.rpm", "category": "product_version" }, { "product": { "product_identification_helper": { "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id": "httpd-debuginfo-2.4.58-6.oe2403.aarch64.rpm", "name": "httpd-debuginfo-2.4.58-6.oe2403.aarch64.rpm" }, "name": "httpd-debuginfo-2.4.58-6.oe2403.aarch64.rpm", "category": "product_version" }, { "product": { "product_identification_helper": { "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id": "httpd-debugsource-2.4.58-6.oe2403.aarch64.rpm", "name": "httpd-debugsource-2.4.58-6.oe2403.aarch64.rpm" }, "name": "httpd-debugsource-2.4.58-6.oe2403.aarch64.rpm", "category": "product_version" }, { "product": { "product_identification_helper": { "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id": "httpd-devel-2.4.58-6.oe2403.aarch64.rpm", "name": "httpd-devel-2.4.58-6.oe2403.aarch64.rpm" }, "name": "httpd-devel-2.4.58-6.oe2403.aarch64.rpm", "category": "product_version" }, { "product": { "product_identification_helper": { "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id": 
"httpd-tools-2.4.58-6.oe2403.aarch64.rpm", "name": "httpd-tools-2.4.58-6.oe2403.aarch64.rpm" }, "name": "httpd-tools-2.4.58-6.oe2403.aarch64.rpm", "category": "product_version" }, { "product": { "product_identification_helper": { "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id": "mod_ldap-2.4.58-6.oe2403.aarch64.rpm", "name": "mod_ldap-2.4.58-6.oe2403.aarch64.rpm" }, "name": "mod_ldap-2.4.58-6.oe2403.aarch64.rpm", "category": "product_version" }, { "product": { "product_identification_helper": { "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id": "mod_md-2.4.58-6.oe2403.aarch64.rpm", "name": "mod_md-2.4.58-6.oe2403.aarch64.rpm" }, "name": "mod_md-2.4.58-6.oe2403.aarch64.rpm", "category": "product_version" }, { "product": { "product_identification_helper": { "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id": "mod_proxy_html-2.4.58-6.oe2403.aarch64.rpm", "name": "mod_proxy_html-2.4.58-6.oe2403.aarch64.rpm" }, "name": "mod_proxy_html-2.4.58-6.oe2403.aarch64.rpm", "category": "product_version" }, { "product": { "product_identification_helper": { "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id": "mod_session-2.4.58-6.oe2403.aarch64.rpm", "name": "mod_session-2.4.58-6.oe2403.aarch64.rpm" }, "name": "mod_session-2.4.58-6.oe2403.aarch64.rpm", "category": "product_version" }, { "product": { "product_identification_helper": { "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id": "mod_ssl-2.4.58-6.oe2403.aarch64.rpm", "name": "mod_ssl-2.4.58-6.oe2403.aarch64.rpm" }, "name": "mod_ssl-2.4.58-6.oe2403.aarch64.rpm", "category": "product_version" } ], "category": "product_name" }, { "name": "src", "branches": [ { "product": { "product_identification_helper": { "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id": "httpd-2.4.58-6.oe2403.src.rpm", "name": "httpd-2.4.58-6.oe2403.src.rpm" }, "name": "httpd-2.4.58-6.oe2403.src.rpm", "category": "product_version" } ], "category": "product_name" }, { "name": "x86_64", 
"branches": [ { "product": { "product_identification_helper": { "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id": "httpd-2.4.58-6.oe2403.x86_64.rpm", "name": "httpd-2.4.58-6.oe2403.x86_64.rpm" }, "name": "httpd-2.4.58-6.oe2403.x86_64.rpm", "category": "product_version" }, { "product": { "product_identification_helper": { "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id": "httpd-debuginfo-2.4.58-6.oe2403.x86_64.rpm", "name": "httpd-debuginfo-2.4.58-6.oe2403.x86_64.rpm" }, "name": "httpd-debuginfo-2.4.58-6.oe2403.x86_64.rpm", "category": "product_version" }, { "product": { "product_identification_helper": { "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id": "httpd-debugsource-2.4.58-6.oe2403.x86_64.rpm", "name": "httpd-debugsource-2.4.58-6.oe2403.x86_64.rpm" }, "name": "httpd-debugsource-2.4.58-6.oe2403.x86_64.rpm", "category": "product_version" }, { "product": { "product_identification_helper": { "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id": "httpd-devel-2.4.58-6.oe2403.x86_64.rpm", "name": "httpd-devel-2.4.58-6.oe2403.x86_64.rpm" }, "name": "httpd-devel-2.4.58-6.oe2403.x86_64.rpm", "category": "product_version" }, { "product": { "product_identification_helper": { "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id": "httpd-tools-2.4.58-6.oe2403.x86_64.rpm", "name": "httpd-tools-2.4.58-6.oe2403.x86_64.rpm" }, "name": "httpd-tools-2.4.58-6.oe2403.x86_64.rpm", "category": "product_version" }, { "product": { "product_identification_helper": { "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id": "mod_ldap-2.4.58-6.oe2403.x86_64.rpm", "name": "mod_ldap-2.4.58-6.oe2403.x86_64.rpm" }, "name": "mod_ldap-2.4.58-6.oe2403.x86_64.rpm", "category": "product_version" }, { "product": { "product_identification_helper": { "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id": "mod_md-2.4.58-6.oe2403.x86_64.rpm", "name": "mod_md-2.4.58-6.oe2403.x86_64.rpm" }, "name": "mod_md-2.4.58-6.oe2403.x86_64.rpm", 
"category": "product_version" }, { "product": { "product_identification_helper": { "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id": "mod_proxy_html-2.4.58-6.oe2403.x86_64.rpm", "name": "mod_proxy_html-2.4.58-6.oe2403.x86_64.rpm" }, "name": "mod_proxy_html-2.4.58-6.oe2403.x86_64.rpm", "category": "product_version" }, { "product": { "product_identification_helper": { "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id": "mod_session-2.4.58-6.oe2403.x86_64.rpm", "name": "mod_session-2.4.58-6.oe2403.x86_64.rpm" }, "name": "mod_session-2.4.58-6.oe2403.x86_64.rpm", "category": "product_version" }, { "product": { "product_identification_helper": { "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id": "mod_ssl-2.4.58-6.oe2403.x86_64.rpm", "name": "mod_ssl-2.4.58-6.oe2403.x86_64.rpm" }, "name": "mod_ssl-2.4.58-6.oe2403.x86_64.rpm", "category": "product_version" } ], "category": "product_name" }, { "name": "noarch", "branches": [ { "product": { "product_identification_helper": { "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id": "httpd-filesystem-2.4.58-6.oe2403.noarch.rpm", "name": "httpd-filesystem-2.4.58-6.oe2403.noarch.rpm" }, "name": "httpd-filesystem-2.4.58-6.oe2403.noarch.rpm", "category": "product_version" }, { "product": { "product_identification_helper": { "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id": "httpd-help-2.4.58-6.oe2403.noarch.rpm", "name": "httpd-help-2.4.58-6.oe2403.noarch.rpm" }, "name": "httpd-help-2.4.58-6.oe2403.noarch.rpm", "category": "product_version" } ], "category": "product_name" } ] } ], "relationships": [ { "relates_to_product_reference": "openEuler-24.03-LTS", "product_reference": "httpd-2.4.58-6.oe2403.aarch64.rpm", "full_product_name": { "product_id": "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64", "name": "httpd-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category": "default_component_of" }, { "relates_to_product_reference": "openEuler-24.03-LTS", 
"product_reference": "httpd-debuginfo-2.4.58-6.oe2403.aarch64.rpm", "full_product_name": { "product_id": "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64", "name": "httpd-debuginfo-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category": "default_component_of" }, { "relates_to_product_reference": "openEuler-24.03-LTS", "product_reference": "httpd-debugsource-2.4.58-6.oe2403.aarch64.rpm", "full_product_name": { "product_id": "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64", "name": "httpd-debugsource-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category": "default_component_of" }, { "relates_to_product_reference": "openEuler-24.03-LTS", "product_reference": "httpd-devel-2.4.58-6.oe2403.aarch64.rpm", "full_product_name": { "product_id": "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64", "name": "httpd-devel-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category": "default_component_of" }, { "relates_to_product_reference": "openEuler-24.03-LTS", "product_reference": "httpd-tools-2.4.58-6.oe2403.aarch64.rpm", "full_product_name": { "product_id": "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64", "name": "httpd-tools-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category": "default_component_of" }, { "relates_to_product_reference": "openEuler-24.03-LTS", "product_reference": "mod_ldap-2.4.58-6.oe2403.aarch64.rpm", "full_product_name": { "product_id": "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64", "name": "mod_ldap-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category": "default_component_of" }, { "relates_to_product_reference": "openEuler-24.03-LTS", "product_reference": "mod_md-2.4.58-6.oe2403.aarch64.rpm", "full_product_name": { "product_id": "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64", "name": "mod_md-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category": "default_component_of" 
}, { "relates_to_product_reference": "openEuler-24.03-LTS", "product_reference": "mod_proxy_html-2.4.58-6.oe2403.aarch64.rpm", "full_product_name": { "product_id": "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64", "name": "mod_proxy_html-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category": "default_component_of" }, { "relates_to_product_reference": "openEuler-24.03-LTS", "product_reference": "mod_session-2.4.58-6.oe2403.aarch64.rpm", "full_product_name": { "product_id": "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64", "name": "mod_session-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category": "default_component_of" }, { "relates_to_product_reference": "openEuler-24.03-LTS", "product_reference": "mod_ssl-2.4.58-6.oe2403.aarch64.rpm", "full_product_name": { "product_id": "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64", "name": "mod_ssl-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category": "default_component_of" }, { "relates_to_product_reference": "openEuler-24.03-LTS", "product_reference": "httpd-2.4.58-6.oe2403.src.rpm", "full_product_name": { "product_id": "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src", "name": "httpd-2.4.58-6.oe2403.src as a component of openEuler-24.03-LTS" }, "category": "default_component_of" }, { "relates_to_product_reference": "openEuler-24.03-LTS", "product_reference": "httpd-2.4.58-6.oe2403.x86_64.rpm", "full_product_name": { "product_id": "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64", "name": "httpd-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category": "default_component_of" }, { "relates_to_product_reference": "openEuler-24.03-LTS", "product_reference": "httpd-debuginfo-2.4.58-6.oe2403.x86_64.rpm", "full_product_name": { "product_id": "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64", "name": "httpd-debuginfo-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category": 
"default_component_of" }, { "relates_to_product_reference": "openEuler-24.03-LTS", "product_reference": "httpd-debugsource-2.4.58-6.oe2403.x86_64.rpm", "full_product_name": { "product_id": "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64", "name": "httpd-debugsource-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category": "default_component_of" }, { "relates_to_product_reference": "openEuler-24.03-LTS", "product_reference": "httpd-devel-2.4.58-6.oe2403.x86_64.rpm", "full_product_name": { "product_id": "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64", "name": "httpd-devel-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category": "default_component_of" }, { "relates_to_product_reference": "openEuler-24.03-LTS", "product_reference": "httpd-tools-2.4.58-6.oe2403.x86_64.rpm", "full_product_name": { "product_id": "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64", "name": "httpd-tools-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category": "default_component_of" }, { "relates_to_product_reference": "openEuler-24.03-LTS", "product_reference": "mod_ldap-2.4.58-6.oe2403.x86_64.rpm", "full_product_name": { "product_id": "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64", "name": "mod_ldap-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category": "default_component_of" }, { "relates_to_product_reference": "openEuler-24.03-LTS", "product_reference": "mod_md-2.4.58-6.oe2403.x86_64.rpm", "full_product_name": { "product_id": "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64", "name": "mod_md-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category": "default_component_of" }, { "relates_to_product_reference": "openEuler-24.03-LTS", "product_reference": "mod_proxy_html-2.4.58-6.oe2403.x86_64.rpm", "full_product_name": { "product_id": "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64", "name": "mod_proxy_html-2.4.58-6.oe2403.x86_64 as a component 
of openEuler-24.03-LTS" }, "category": "default_component_of" }, { "relates_to_product_reference": "openEuler-24.03-LTS", "product_reference": "mod_session-2.4.58-6.oe2403.x86_64.rpm", "full_product_name": { "product_id": "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64", "name": "mod_session-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category": "default_component_of" }, { "relates_to_product_reference": "openEuler-24.03-LTS", "product_reference": "mod_ssl-2.4.58-6.oe2403.x86_64.rpm", "full_product_name": { "product_id": "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64", "name": "mod_ssl-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category": "default_component_of" }, { "relates_to_product_reference": "openEuler-24.03-LTS", "product_reference": "httpd-filesystem-2.4.58-6.oe2403.noarch.rpm", "full_product_name": { "product_id": "openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch", "name": "httpd-filesystem-2.4.58-6.oe2403.noarch as a component of openEuler-24.03-LTS" }, "category": "default_component_of" }, { "relates_to_product_reference": "openEuler-24.03-LTS", "product_reference": "httpd-help-2.4.58-6.oe2403.noarch.rpm", "full_product_name": { "product_id": "openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch", "name": "httpd-help-2.4.58-6.oe2403.noarch as a component of openEuler-24.03-LTS" }, "category": "default_component_of" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-36387", "notes": [ { "text": "Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.", "category": "description", "title": "Vulnerability Description" } ], "product_status": { "fixed": [ "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64", 
"openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src", "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch", "openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch" ] }, "remediations": [ { "product_ids": [ "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src", "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64", 
"openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch", "openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch" ], "details": "httpd security update", "category": "vendor_fix", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1854" } ], "scores": [ { "cvss_v3": { "baseSeverity": "MEDIUM", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src", "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64", 
"openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch", "openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch" ] } ], "threats": [ { "details": "Medium", "category": "impact" } ], "title": "CVE-2024-36387" }, { "cve": "CVE-2024-38474", "notes": [ { "text": "Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in\ndirectories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.\n\nSome RewriteRules that capture and substitute unsafely will now fail unless rewrite flag \"UnsafeAllow3F\" is specified.", "category": "description", "title": "Vulnerability Description" } ], "product_status": { "fixed": [ "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src", "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64", 
"openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch", "openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch" ] }, "remediations": [ { "product_ids": [ "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src", "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch", "openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch" ], "details": "httpd security update", "category": "vendor_fix", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1854" } ], "scores": [ { "cvss_v3": { "baseSeverity": "HIGH", "baseScore": 8.2, "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "products": [ "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src", "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch", "openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch" ] } ], "threats": [ { "details": "High", "category": "impact" } ], "title": "CVE-2024-38474" }, { "cve": "CVE-2024-38477", "notes": [ { "text": "null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.", "category": "description", "title": "Vulnerability Description" } ], "product_status": { "fixed": [ "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64", 
"openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src", "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch", "openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch" ] }, "remediations": [ { "product_ids": [ "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src", "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64", 
"openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch", "openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch" ], "details": "httpd security update", "category": "vendor_fix", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1854" } ], "scores": [ { "cvss_v3": { "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64", "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src", "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64", 
"openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64", "openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch", "openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch" ] } ], "threats": [ { "details": "High", "category": "impact" } ], "title": "CVE-2024-38477" } ] }