csaf2cusa/csaf/advisories/2024/csaf-openEuler-SA-2024-1853.json
Jia Chao 6669e5b3b8 修改,适用 csaf
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-24 15:38:55 +08:00



{
"document":{
"aggregate_severity":{
"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
"text":"High"
},
"category":"csaf_vex",
"csaf_version":"2.0",
"distribution":{
"tlp":{
"label":"WHITE",
"url":"https://www.first.org/tlp/"
}
},
"lang":"en",
"notes":[
{
"text":"httpd security update",
"category":"general",
"title":"Synopsis"
},
{
"text":"An update for httpd is now available for openEuler-20.03-LTS-SP4",
"category":"general",
"title":"Summary"
},
{
"text":"Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server.\n\nSecurity Fix(es):\n\nSubstitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in\ndirectories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.\n\nSome RewriteRules that capture and substitute unsafely will now fail unless rewrite flag \"UnsafeAllow3F\" is specified.(CVE-2024-38474)\n\nnull pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.(CVE-2024-38477)",
"category":"general",
"title":"Description"
},
{
"text":"An update for httpd is now available for openEuler-20.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"category":"general",
"title":"Topic"
},
{
"text":"High",
"category":"general",
"title":"Severity"
},
{
"text":"httpd",
"category":"general",
"title":"Affected Component"
}
],
"publisher":{
"issuing_authority":"openEuler security committee",
"name":"openEuler",
"namespace":"https://www.openeuler.org",
"contact_details":"openeuler-security@openeuler.org",
"category":"vendor"
},
"references":[
{
"summary":"openEuler-SA-2024-1853",
"category":"self",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1853"
},
{
"summary":"CVE-2024-38474",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38474&packageName=httpd"
},
{
"summary":"CVE-2024-38477",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38477&packageName=httpd"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38474"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38477"
},
{
"summary":"openEuler-SA-2024-1853 vex file",
"category":"self",
"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1853.json"
}
],
"title":"An update for httpd is now available for openEuler-20.03-LTS-SP4",
"tracking":{
"initial_release_date":"2024-07-19T21:23:51+08:00",
"revision_history":[
{
"date":"2024-07-19T21:23:51+08:00",
"summary":"Initial",
"number":"1.0.0"
}
],
"generator":{
"date":"2024-07-19T21:23:51+08:00",
"engine":{
"name":"openEuler CSAF Tool V1.0"
}
},
"current_release_date":"2024-07-19T21:23:51+08:00",
"id":"openEuler-SA-2024-1853",
"version":"1.0.0",
"status":"final"
}
},
"product_tree":{
"branches":[
{
"name":"openEuler",
"category":"vendor",
"branches":[
{
"name":"openEuler",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
},
"product_id":"openEuler-20.03-LTS-SP4",
"name":"openEuler-20.03-LTS-SP4"
},
"name":"openEuler-20.03-LTS-SP4",
"category":"product_version"
}
],
"category":"product_name"
},
{
"name":"x86_64",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
},
"product_id":"httpd-2.4.43-25.oe2003sp4.x86_64.rpm",
"name":"httpd-2.4.43-25.oe2003sp4.x86_64.rpm"
},
"name":"httpd-2.4.43-25.oe2003sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
},
"product_id":"httpd-debuginfo-2.4.43-25.oe2003sp4.x86_64.rpm",
"name":"httpd-debuginfo-2.4.43-25.oe2003sp4.x86_64.rpm"
},
"name":"httpd-debuginfo-2.4.43-25.oe2003sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
},
"product_id":"httpd-debugsource-2.4.43-25.oe2003sp4.x86_64.rpm",
"name":"httpd-debugsource-2.4.43-25.oe2003sp4.x86_64.rpm"
},
"name":"httpd-debugsource-2.4.43-25.oe2003sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
},
"product_id":"httpd-devel-2.4.43-25.oe2003sp4.x86_64.rpm",
"name":"httpd-devel-2.4.43-25.oe2003sp4.x86_64.rpm"
},
"name":"httpd-devel-2.4.43-25.oe2003sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
},
"product_id":"httpd-tools-2.4.43-25.oe2003sp4.x86_64.rpm",
"name":"httpd-tools-2.4.43-25.oe2003sp4.x86_64.rpm"
},
"name":"httpd-tools-2.4.43-25.oe2003sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
},
"product_id":"mod_ldap-2.4.43-25.oe2003sp4.x86_64.rpm",
"name":"mod_ldap-2.4.43-25.oe2003sp4.x86_64.rpm"
},
"name":"mod_ldap-2.4.43-25.oe2003sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
},
"product_id":"mod_md-2.4.43-25.oe2003sp4.x86_64.rpm",
"name":"mod_md-2.4.43-25.oe2003sp4.x86_64.rpm"
},
"name":"mod_md-2.4.43-25.oe2003sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
},
"product_id":"mod_proxy_html-2.4.43-25.oe2003sp4.x86_64.rpm",
"name":"mod_proxy_html-2.4.43-25.oe2003sp4.x86_64.rpm"
},
"name":"mod_proxy_html-2.4.43-25.oe2003sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
},
"product_id":"mod_session-2.4.43-25.oe2003sp4.x86_64.rpm",
"name":"mod_session-2.4.43-25.oe2003sp4.x86_64.rpm"
},
"name":"mod_session-2.4.43-25.oe2003sp4.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
},
"product_id":"mod_ssl-2.4.43-25.oe2003sp4.x86_64.rpm",
"name":"mod_ssl-2.4.43-25.oe2003sp4.x86_64.rpm"
},
"name":"mod_ssl-2.4.43-25.oe2003sp4.x86_64.rpm",
"category":"product_version"
}
],
"category":"product_name"
},
{
"name":"noarch",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
},
"product_id":"httpd-filesystem-2.4.43-25.oe2003sp4.noarch.rpm",
"name":"httpd-filesystem-2.4.43-25.oe2003sp4.noarch.rpm"
},
"name":"httpd-filesystem-2.4.43-25.oe2003sp4.noarch.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
},
"product_id":"httpd-help-2.4.43-25.oe2003sp4.noarch.rpm",
"name":"httpd-help-2.4.43-25.oe2003sp4.noarch.rpm"
},
"name":"httpd-help-2.4.43-25.oe2003sp4.noarch.rpm",
"category":"product_version"
}
],
"category":"product_name"
},
{
"name":"aarch64",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
},
"product_id":"httpd-2.4.43-25.oe2003sp4.aarch64.rpm",
"name":"httpd-2.4.43-25.oe2003sp4.aarch64.rpm"
},
"name":"httpd-2.4.43-25.oe2003sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
},
"product_id":"httpd-debuginfo-2.4.43-25.oe2003sp4.aarch64.rpm",
"name":"httpd-debuginfo-2.4.43-25.oe2003sp4.aarch64.rpm"
},
"name":"httpd-debuginfo-2.4.43-25.oe2003sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
},
"product_id":"httpd-debugsource-2.4.43-25.oe2003sp4.aarch64.rpm",
"name":"httpd-debugsource-2.4.43-25.oe2003sp4.aarch64.rpm"
},
"name":"httpd-debugsource-2.4.43-25.oe2003sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
},
"product_id":"httpd-devel-2.4.43-25.oe2003sp4.aarch64.rpm",
"name":"httpd-devel-2.4.43-25.oe2003sp4.aarch64.rpm"
},
"name":"httpd-devel-2.4.43-25.oe2003sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
},
"product_id":"httpd-tools-2.4.43-25.oe2003sp4.aarch64.rpm",
"name":"httpd-tools-2.4.43-25.oe2003sp4.aarch64.rpm"
},
"name":"httpd-tools-2.4.43-25.oe2003sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
},
"product_id":"mod_ldap-2.4.43-25.oe2003sp4.aarch64.rpm",
"name":"mod_ldap-2.4.43-25.oe2003sp4.aarch64.rpm"
},
"name":"mod_ldap-2.4.43-25.oe2003sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
},
"product_id":"mod_md-2.4.43-25.oe2003sp4.aarch64.rpm",
"name":"mod_md-2.4.43-25.oe2003sp4.aarch64.rpm"
},
"name":"mod_md-2.4.43-25.oe2003sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
},
"product_id":"mod_proxy_html-2.4.43-25.oe2003sp4.aarch64.rpm",
"name":"mod_proxy_html-2.4.43-25.oe2003sp4.aarch64.rpm"
},
"name":"mod_proxy_html-2.4.43-25.oe2003sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
},
"product_id":"mod_session-2.4.43-25.oe2003sp4.aarch64.rpm",
"name":"mod_session-2.4.43-25.oe2003sp4.aarch64.rpm"
},
"name":"mod_session-2.4.43-25.oe2003sp4.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
},
"product_id":"mod_ssl-2.4.43-25.oe2003sp4.aarch64.rpm",
"name":"mod_ssl-2.4.43-25.oe2003sp4.aarch64.rpm"
},
"name":"mod_ssl-2.4.43-25.oe2003sp4.aarch64.rpm",
"category":"product_version"
}
],
"category":"product_name"
},
{
"name":"src",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
},
"product_id":"httpd-2.4.43-25.oe2003sp4.src.rpm",
"name":"httpd-2.4.43-25.oe2003sp4.src.rpm"
},
"name":"httpd-2.4.43-25.oe2003sp4.src.rpm",
"category":"product_version"
}
],
"category":"product_name"
}
]
}
],
"relationships":[
{
"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
"product_reference":"httpd-2.4.43-25.oe2003sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.x86_64",
"name":"httpd-2.4.43-25.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
"product_reference":"httpd-debuginfo-2.4.43-25.oe2003sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.x86_64",
"name":"httpd-debuginfo-2.4.43-25.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
"product_reference":"httpd-debugsource-2.4.43-25.oe2003sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.x86_64",
"name":"httpd-debugsource-2.4.43-25.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
"product_reference":"httpd-devel-2.4.43-25.oe2003sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.x86_64",
"name":"httpd-devel-2.4.43-25.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
"product_reference":"httpd-tools-2.4.43-25.oe2003sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.x86_64",
"name":"httpd-tools-2.4.43-25.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
"product_reference":"mod_ldap-2.4.43-25.oe2003sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.x86_64",
"name":"mod_ldap-2.4.43-25.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
"product_reference":"mod_md-2.4.43-25.oe2003sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.x86_64",
"name":"mod_md-2.4.43-25.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
"product_reference":"mod_proxy_html-2.4.43-25.oe2003sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.x86_64",
"name":"mod_proxy_html-2.4.43-25.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
"product_reference":"mod_session-2.4.43-25.oe2003sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.x86_64",
"name":"mod_session-2.4.43-25.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
"product_reference":"mod_ssl-2.4.43-25.oe2003sp4.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.x86_64",
"name":"mod_ssl-2.4.43-25.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
"product_reference":"httpd-filesystem-2.4.43-25.oe2003sp4.noarch.rpm",
"full_product_name":{
"product_id":"openEuler-20.03-LTS-SP4:httpd-filesystem-2.4.43-25.oe2003sp4.noarch",
"name":"httpd-filesystem-2.4.43-25.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
"product_reference":"httpd-help-2.4.43-25.oe2003sp4.noarch.rpm",
"full_product_name":{
"product_id":"openEuler-20.03-LTS-SP4:httpd-help-2.4.43-25.oe2003sp4.noarch",
"name":"httpd-help-2.4.43-25.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
"product_reference":"httpd-2.4.43-25.oe2003sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.aarch64",
"name":"httpd-2.4.43-25.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
"product_reference":"httpd-debuginfo-2.4.43-25.oe2003sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.aarch64",
"name":"httpd-debuginfo-2.4.43-25.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
"product_reference":"httpd-debugsource-2.4.43-25.oe2003sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.aarch64",
"name":"httpd-debugsource-2.4.43-25.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
"product_reference":"httpd-devel-2.4.43-25.oe2003sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.aarch64",
"name":"httpd-devel-2.4.43-25.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
"product_reference":"httpd-tools-2.4.43-25.oe2003sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.aarch64",
"name":"httpd-tools-2.4.43-25.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
"product_reference":"mod_ldap-2.4.43-25.oe2003sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.aarch64",
"name":"mod_ldap-2.4.43-25.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
"product_reference":"mod_md-2.4.43-25.oe2003sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.aarch64",
"name":"mod_md-2.4.43-25.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
"product_reference":"mod_proxy_html-2.4.43-25.oe2003sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.aarch64",
"name":"mod_proxy_html-2.4.43-25.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
"product_reference":"mod_session-2.4.43-25.oe2003sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.aarch64",
"name":"mod_session-2.4.43-25.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
"product_reference":"mod_ssl-2.4.43-25.oe2003sp4.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.aarch64",
"name":"mod_ssl-2.4.43-25.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
"product_reference":"httpd-2.4.43-25.oe2003sp4.src.rpm",
"full_product_name":{
"product_id":"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.src",
"name":"httpd-2.4.43-25.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4"
},
"category":"default_component_of"
}
]
},
"vulnerabilities":[
{
"cve":"CVE-2024-38474",
"notes":[
{
"text":"Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in\ndirectories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.\n\nSome RewriteRules that capture and substitute unsafely will now fail unless rewrite flag \"UnsafeAllow3F\" is specified.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-filesystem-2.4.43-25.oe2003sp4.noarch",
"openEuler-20.03-LTS-SP4:httpd-help-2.4.43-25.oe2003sp4.noarch",
"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-filesystem-2.4.43-25.oe2003sp4.noarch",
"openEuler-20.03-LTS-SP4:httpd-help-2.4.43-25.oe2003sp4.noarch",
"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.src"
],
"details":"httpd security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1853"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"HIGH",
"baseScore":8.2,
"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version":"3.1"
},
"products":[
"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-filesystem-2.4.43-25.oe2003sp4.noarch",
"openEuler-20.03-LTS-SP4:httpd-help-2.4.43-25.oe2003sp4.noarch",
"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.src"
]
}
],
"threats":[
{
"details":"High",
"category":"impact"
}
],
"title":"CVE-2024-38474"
},
{
"cve":"CVE-2024-38477",
"notes":[
{
"text":"null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-filesystem-2.4.43-25.oe2003sp4.noarch",
"openEuler-20.03-LTS-SP4:httpd-help-2.4.43-25.oe2003sp4.noarch",
"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-filesystem-2.4.43-25.oe2003sp4.noarch",
"openEuler-20.03-LTS-SP4:httpd-help-2.4.43-25.oe2003sp4.noarch",
"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.src"
],
"details":"httpd security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1853"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"HIGH",
"baseScore":7.5,
"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.x86_64",
"openEuler-20.03-LTS-SP4:httpd-filesystem-2.4.43-25.oe2003sp4.noarch",
"openEuler-20.03-LTS-SP4:httpd-help-2.4.43-25.oe2003sp4.noarch",
"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.aarch64",
"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.src"
]
}
],
"threats":[
{
"details":"High",
"category":"impact"
}
],
"title":"CVE-2024-38477"
}
]
}