csaf2cusa/csaf/advisories/2024/csaf-openEuler-SA-2024-1854.json
Jia Chao 6669e5b3b8 修改,适用 csaf
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-24 15:38:55 +08:00


{
"document": {
"aggregate_severity": {
"namespace": "https://nvd.nist.gov/vuln-metrics/cvss",
"text": "High"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"text": "httpd security update",
"category": "general",
"title": "Synopsis"
},
{
"text": "An update for httpd is now available for openEuler-24.03-LTS",
"category": "general",
"title": "Summary"
},
{
"text": "Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server.\n\nSecurity Fix(es):\n\nServing WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.(CVE-2024-36387)\n\nSubstitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in\ndirectories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.\n\nSome RewriteRules that capture and substitute unsafely will now fail unless rewrite flag \"UnsafeAllow3F\" is specified.(CVE-2024-38474)\n\nnull pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.(CVE-2024-38477)",
"category": "general",
"title": "Description"
},
{
"text": "An update for httpd is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"category": "general",
"title": "Topic"
},
{
"text": "High",
"category": "general",
"title": "Severity"
},
{
"text": "httpd",
"category": "general",
"title": "Affected Component"
}
],
"publisher": {
"issuing_authority": "openEuler security committee",
"name": "openEuler",
"namespace": "https://www.openeuler.org",
"contact_details": "openeuler-security@openeuler.org",
"category": "vendor"
},
"references": [
{
"summary": "openEuler-SA-2024-1854",
"category": "self",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1854"
},
{
"summary": "CVE-2024-36387",
"category": "self",
"url": "https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36387&packageName=httpd"
},
{
"summary": "CVE-2024-38474",
"category": "self",
"url": "https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38474&packageName=httpd"
},
{
"summary": "CVE-2024-38477",
"category": "self",
"url": "https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38477&packageName=httpd"
},
{
"summary": "nvd cve",
"category": "external",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36387"
},
{
"summary": "nvd cve",
"category": "external",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38474"
},
{
"summary": "nvd cve",
"category": "external",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38477"
},
{
"summary": "openEuler-SA-2024-1854 vex file",
"category": "self",
"url": "https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1854.json"
}
],
"title": "An update for httpd is now available for openEuler-24.03-LTS",
"tracking": {
"initial_release_date": "2024-07-19T21:23:52+08:00",
"revision_history": [
{
"date": "2024-07-19T21:23:52+08:00",
"summary": "Initial",
"number": "1.0.0"
},
{
"date": "2024-07-22T14:33:00+08:00",
"summary": "final",
"number": "2.0.0"
}
],
"generator": {
"date": "2024-07-22T14:33:00+08:00",
"engine": {
"name": "openEuler CSAF Tool V1.0"
}
},
"current_release_date": "2024-07-22T14:33:00+08:00",
"id": "openEuler-SA-2024-1854",
"version": "2.0.0",
"status": "final"
}
},
"product_tree": {
"branches": [
{
"name": "openEuler",
"category": "vendor",
"branches": [
{
"name": "openEuler",
"branches": [
{
"product": {
"product_identification_helper": {
"cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id": "openEuler-24.03-LTS",
"name": "openEuler-24.03-LTS"
},
"name": "openEuler-24.03-LTS",
"category": "product_version"
}
],
"category": "product_name"
},
{
"name": "aarch64",
"branches": [
{
"product": {
"product_identification_helper": {
"cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id": "httpd-2.4.58-6.oe2403.aarch64.rpm",
"name": "httpd-2.4.58-6.oe2403.aarch64.rpm"
},
"name": "httpd-2.4.58-6.oe2403.aarch64.rpm",
"category": "product_version"
},
{
"product": {
"product_identification_helper": {
"cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id": "httpd-debuginfo-2.4.58-6.oe2403.aarch64.rpm",
"name": "httpd-debuginfo-2.4.58-6.oe2403.aarch64.rpm"
},
"name": "httpd-debuginfo-2.4.58-6.oe2403.aarch64.rpm",
"category": "product_version"
},
{
"product": {
"product_identification_helper": {
"cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id": "httpd-debugsource-2.4.58-6.oe2403.aarch64.rpm",
"name": "httpd-debugsource-2.4.58-6.oe2403.aarch64.rpm"
},
"name": "httpd-debugsource-2.4.58-6.oe2403.aarch64.rpm",
"category": "product_version"
},
{
"product": {
"product_identification_helper": {
"cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id": "httpd-devel-2.4.58-6.oe2403.aarch64.rpm",
"name": "httpd-devel-2.4.58-6.oe2403.aarch64.rpm"
},
"name": "httpd-devel-2.4.58-6.oe2403.aarch64.rpm",
"category": "product_version"
},
{
"product": {
"product_identification_helper": {
"cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id": "httpd-tools-2.4.58-6.oe2403.aarch64.rpm",
"name": "httpd-tools-2.4.58-6.oe2403.aarch64.rpm"
},
"name": "httpd-tools-2.4.58-6.oe2403.aarch64.rpm",
"category": "product_version"
},
{
"product": {
"product_identification_helper": {
"cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id": "mod_ldap-2.4.58-6.oe2403.aarch64.rpm",
"name": "mod_ldap-2.4.58-6.oe2403.aarch64.rpm"
},
"name": "mod_ldap-2.4.58-6.oe2403.aarch64.rpm",
"category": "product_version"
},
{
"product": {
"product_identification_helper": {
"cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id": "mod_md-2.4.58-6.oe2403.aarch64.rpm",
"name": "mod_md-2.4.58-6.oe2403.aarch64.rpm"
},
"name": "mod_md-2.4.58-6.oe2403.aarch64.rpm",
"category": "product_version"
},
{
"product": {
"product_identification_helper": {
"cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id": "mod_proxy_html-2.4.58-6.oe2403.aarch64.rpm",
"name": "mod_proxy_html-2.4.58-6.oe2403.aarch64.rpm"
},
"name": "mod_proxy_html-2.4.58-6.oe2403.aarch64.rpm",
"category": "product_version"
},
{
"product": {
"product_identification_helper": {
"cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id": "mod_session-2.4.58-6.oe2403.aarch64.rpm",
"name": "mod_session-2.4.58-6.oe2403.aarch64.rpm"
},
"name": "mod_session-2.4.58-6.oe2403.aarch64.rpm",
"category": "product_version"
},
{
"product": {
"product_identification_helper": {
"cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id": "mod_ssl-2.4.58-6.oe2403.aarch64.rpm",
"name": "mod_ssl-2.4.58-6.oe2403.aarch64.rpm"
},
"name": "mod_ssl-2.4.58-6.oe2403.aarch64.rpm",
"category": "product_version"
}
],
"category": "product_name"
},
{
"name": "src",
"branches": [
{
"product": {
"product_identification_helper": {
"cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id": "httpd-2.4.58-6.oe2403.src.rpm",
"name": "httpd-2.4.58-6.oe2403.src.rpm"
},
"name": "httpd-2.4.58-6.oe2403.src.rpm",
"category": "product_version"
}
],
"category": "product_name"
},
{
"name": "x86_64",
"branches": [
{
"product": {
"product_identification_helper": {
"cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id": "httpd-2.4.58-6.oe2403.x86_64.rpm",
"name": "httpd-2.4.58-6.oe2403.x86_64.rpm"
},
"name": "httpd-2.4.58-6.oe2403.x86_64.rpm",
"category": "product_version"
},
{
"product": {
"product_identification_helper": {
"cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id": "httpd-debuginfo-2.4.58-6.oe2403.x86_64.rpm",
"name": "httpd-debuginfo-2.4.58-6.oe2403.x86_64.rpm"
},
"name": "httpd-debuginfo-2.4.58-6.oe2403.x86_64.rpm",
"category": "product_version"
},
{
"product": {
"product_identification_helper": {
"cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id": "httpd-debugsource-2.4.58-6.oe2403.x86_64.rpm",
"name": "httpd-debugsource-2.4.58-6.oe2403.x86_64.rpm"
},
"name": "httpd-debugsource-2.4.58-6.oe2403.x86_64.rpm",
"category": "product_version"
},
{
"product": {
"product_identification_helper": {
"cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id": "httpd-devel-2.4.58-6.oe2403.x86_64.rpm",
"name": "httpd-devel-2.4.58-6.oe2403.x86_64.rpm"
},
"name": "httpd-devel-2.4.58-6.oe2403.x86_64.rpm",
"category": "product_version"
},
{
"product": {
"product_identification_helper": {
"cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id": "httpd-tools-2.4.58-6.oe2403.x86_64.rpm",
"name": "httpd-tools-2.4.58-6.oe2403.x86_64.rpm"
},
"name": "httpd-tools-2.4.58-6.oe2403.x86_64.rpm",
"category": "product_version"
},
{
"product": {
"product_identification_helper": {
"cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id": "mod_ldap-2.4.58-6.oe2403.x86_64.rpm",
"name": "mod_ldap-2.4.58-6.oe2403.x86_64.rpm"
},
"name": "mod_ldap-2.4.58-6.oe2403.x86_64.rpm",
"category": "product_version"
},
{
"product": {
"product_identification_helper": {
"cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id": "mod_md-2.4.58-6.oe2403.x86_64.rpm",
"name": "mod_md-2.4.58-6.oe2403.x86_64.rpm"
},
"name": "mod_md-2.4.58-6.oe2403.x86_64.rpm",
"category": "product_version"
},
{
"product": {
"product_identification_helper": {
"cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id": "mod_proxy_html-2.4.58-6.oe2403.x86_64.rpm",
"name": "mod_proxy_html-2.4.58-6.oe2403.x86_64.rpm"
},
"name": "mod_proxy_html-2.4.58-6.oe2403.x86_64.rpm",
"category": "product_version"
},
{
"product": {
"product_identification_helper": {
"cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id": "mod_session-2.4.58-6.oe2403.x86_64.rpm",
"name": "mod_session-2.4.58-6.oe2403.x86_64.rpm"
},
"name": "mod_session-2.4.58-6.oe2403.x86_64.rpm",
"category": "product_version"
},
{
"product": {
"product_identification_helper": {
"cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id": "mod_ssl-2.4.58-6.oe2403.x86_64.rpm",
"name": "mod_ssl-2.4.58-6.oe2403.x86_64.rpm"
},
"name": "mod_ssl-2.4.58-6.oe2403.x86_64.rpm",
"category": "product_version"
}
],
"category": "product_name"
},
{
"name": "noarch",
"branches": [
{
"product": {
"product_identification_helper": {
"cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id": "httpd-filesystem-2.4.58-6.oe2403.noarch.rpm",
"name": "httpd-filesystem-2.4.58-6.oe2403.noarch.rpm"
},
"name": "httpd-filesystem-2.4.58-6.oe2403.noarch.rpm",
"category": "product_version"
},
{
"product": {
"product_identification_helper": {
"cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id": "httpd-help-2.4.58-6.oe2403.noarch.rpm",
"name": "httpd-help-2.4.58-6.oe2403.noarch.rpm"
},
"name": "httpd-help-2.4.58-6.oe2403.noarch.rpm",
"category": "product_version"
}
],
"category": "product_name"
}
]
}
],
"relationships": [
{
"relates_to_product_reference": "openEuler-24.03-LTS",
"product_reference": "httpd-2.4.58-6.oe2403.aarch64.rpm",
"full_product_name": {
"product_id": "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64",
"name": "httpd-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category": "default_component_of"
},
{
"relates_to_product_reference": "openEuler-24.03-LTS",
"product_reference": "httpd-debuginfo-2.4.58-6.oe2403.aarch64.rpm",
"full_product_name": {
"product_id": "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64",
"name": "httpd-debuginfo-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category": "default_component_of"
},
{
"relates_to_product_reference": "openEuler-24.03-LTS",
"product_reference": "httpd-debugsource-2.4.58-6.oe2403.aarch64.rpm",
"full_product_name": {
"product_id": "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64",
"name": "httpd-debugsource-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category": "default_component_of"
},
{
"relates_to_product_reference": "openEuler-24.03-LTS",
"product_reference": "httpd-devel-2.4.58-6.oe2403.aarch64.rpm",
"full_product_name": {
"product_id": "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64",
"name": "httpd-devel-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category": "default_component_of"
},
{
"relates_to_product_reference": "openEuler-24.03-LTS",
"product_reference": "httpd-tools-2.4.58-6.oe2403.aarch64.rpm",
"full_product_name": {
"product_id": "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64",
"name": "httpd-tools-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category": "default_component_of"
},
{
"relates_to_product_reference": "openEuler-24.03-LTS",
"product_reference": "mod_ldap-2.4.58-6.oe2403.aarch64.rpm",
"full_product_name": {
"product_id": "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64",
"name": "mod_ldap-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category": "default_component_of"
},
{
"relates_to_product_reference": "openEuler-24.03-LTS",
"product_reference": "mod_md-2.4.58-6.oe2403.aarch64.rpm",
"full_product_name": {
"product_id": "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64",
"name": "mod_md-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category": "default_component_of"
},
{
"relates_to_product_reference": "openEuler-24.03-LTS",
"product_reference": "mod_proxy_html-2.4.58-6.oe2403.aarch64.rpm",
"full_product_name": {
"product_id": "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64",
"name": "mod_proxy_html-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category": "default_component_of"
},
{
"relates_to_product_reference": "openEuler-24.03-LTS",
"product_reference": "mod_session-2.4.58-6.oe2403.aarch64.rpm",
"full_product_name": {
"product_id": "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64",
"name": "mod_session-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category": "default_component_of"
},
{
"relates_to_product_reference": "openEuler-24.03-LTS",
"product_reference": "mod_ssl-2.4.58-6.oe2403.aarch64.rpm",
"full_product_name": {
"product_id": "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64",
"name": "mod_ssl-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category": "default_component_of"
},
{
"relates_to_product_reference": "openEuler-24.03-LTS",
"product_reference": "httpd-2.4.58-6.oe2403.src.rpm",
"full_product_name": {
"product_id": "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src",
"name": "httpd-2.4.58-6.oe2403.src as a component of openEuler-24.03-LTS"
},
"category": "default_component_of"
},
{
"relates_to_product_reference": "openEuler-24.03-LTS",
"product_reference": "httpd-2.4.58-6.oe2403.x86_64.rpm",
"full_product_name": {
"product_id": "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64",
"name": "httpd-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category": "default_component_of"
},
{
"relates_to_product_reference": "openEuler-24.03-LTS",
"product_reference": "httpd-debuginfo-2.4.58-6.oe2403.x86_64.rpm",
"full_product_name": {
"product_id": "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64",
"name": "httpd-debuginfo-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category": "default_component_of"
},
{
"relates_to_product_reference": "openEuler-24.03-LTS",
"product_reference": "httpd-debugsource-2.4.58-6.oe2403.x86_64.rpm",
"full_product_name": {
"product_id": "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64",
"name": "httpd-debugsource-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category": "default_component_of"
},
{
"relates_to_product_reference": "openEuler-24.03-LTS",
"product_reference": "httpd-devel-2.4.58-6.oe2403.x86_64.rpm",
"full_product_name": {
"product_id": "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64",
"name": "httpd-devel-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category": "default_component_of"
},
{
"relates_to_product_reference": "openEuler-24.03-LTS",
"product_reference": "httpd-tools-2.4.58-6.oe2403.x86_64.rpm",
"full_product_name": {
"product_id": "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64",
"name": "httpd-tools-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category": "default_component_of"
},
{
"relates_to_product_reference": "openEuler-24.03-LTS",
"product_reference": "mod_ldap-2.4.58-6.oe2403.x86_64.rpm",
"full_product_name": {
"product_id": "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64",
"name": "mod_ldap-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category": "default_component_of"
},
{
"relates_to_product_reference": "openEuler-24.03-LTS",
"product_reference": "mod_md-2.4.58-6.oe2403.x86_64.rpm",
"full_product_name": {
"product_id": "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64",
"name": "mod_md-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category": "default_component_of"
},
{
"relates_to_product_reference": "openEuler-24.03-LTS",
"product_reference": "mod_proxy_html-2.4.58-6.oe2403.x86_64.rpm",
"full_product_name": {
"product_id": "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64",
"name": "mod_proxy_html-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category": "default_component_of"
},
{
"relates_to_product_reference": "openEuler-24.03-LTS",
"product_reference": "mod_session-2.4.58-6.oe2403.x86_64.rpm",
"full_product_name": {
"product_id": "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64",
"name": "mod_session-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category": "default_component_of"
},
{
"relates_to_product_reference": "openEuler-24.03-LTS",
"product_reference": "mod_ssl-2.4.58-6.oe2403.x86_64.rpm",
"full_product_name": {
"product_id": "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64",
"name": "mod_ssl-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category": "default_component_of"
},
{
"relates_to_product_reference": "openEuler-24.03-LTS",
"product_reference": "httpd-filesystem-2.4.58-6.oe2403.noarch.rpm",
"full_product_name": {
"product_id": "openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch",
"name": "httpd-filesystem-2.4.58-6.oe2403.noarch as a component of openEuler-24.03-LTS"
},
"category": "default_component_of"
},
{
"relates_to_product_reference": "openEuler-24.03-LTS",
"product_reference": "httpd-help-2.4.58-6.oe2403.noarch.rpm",
"full_product_name": {
"product_id": "openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch",
"name": "httpd-help-2.4.58-6.oe2403.noarch as a component of openEuler-24.03-LTS"
},
"category": "default_component_of"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-36387",
"notes": [
{
"text": "Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.",
"category": "description",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src",
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch",
"openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch"
]
},
"remediations": [
{
"product_ids": [
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src",
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch",
"openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch"
],
"details": "httpd security update",
"category": "vendor_fix",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1854"
}
],
"scores": [
{
"cvss_v3": {
"baseSeverity": "MEDIUM",
"baseScore": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src",
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch",
"openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch"
]
}
],
"threats": [
{
"details": "Medium",
"category": "impact"
}
],
"title": "CVE-2024-36387"
},
{
"cve": "CVE-2024-38474",
"notes": [
{
"text": "Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in\ndirectories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.\n\nSome RewriteRules that capture and substitute unsafely will now fail unless rewrite flag \"UnsafeAllow3F\" is specified.",
"category": "description",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src",
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch",
"openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch"
]
},
"remediations": [
{
"product_ids": [
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src",
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch",
"openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch"
],
"details": "httpd security update",
"category": "vendor_fix",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1854"
}
],
"scores": [
{
"cvss_v3": {
"baseSeverity": "HIGH",
"baseScore": 8.2,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src",
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch",
"openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch"
]
}
],
"threats": [
{
"details": "High",
"category": "impact"
}
],
"title": "CVE-2024-38474"
},
{
"cve": "CVE-2024-38477",
"notes": [
{
"text": "null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.",
"category": "description",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src",
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch",
"openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch"
]
},
"remediations": [
{
"product_ids": [
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src",
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch",
"openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch"
],
"details": "httpd security update",
"category": "vendor_fix",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1854"
}
],
"scores": [
{
"cvss_v3": {
"baseSeverity": "HIGH",
"baseScore": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64",
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src",
"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64",
"openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch",
"openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch"
]
}
],
"threats": [
{
"details": "High",
"category": "impact"
}
],
"title": "CVE-2024-38477"
}
]
}