Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-44631 (GCVE-0-2026-44631)
Vulnerability from cvelistv5 – Published: 2026-06-08 15:19 – Updated: 2026-06-08 22:32- CWE-124 - Buffer Underwrite
| URL | Tags |
|---|---|
| https://httpd.apache.org/security/vulnerabilities… | vendor-advisory |
| http://www.openwall.com/lists/oss-security/2026/0… |
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Affected:
2.4.0 , ≤ 2.4.67
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-44631",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T19:43:09.481041Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T19:43:13.169Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-06-08T22:32:33.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/06/08/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.4.67",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Zhenpeng (Leo) Lin at depthfirst"
},
{
"lang": "en",
"type": "finder",
"value": "Bartlomiej Dmitruk"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eBuffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration.\u003c/p\u003e\u003cp\u003eThis issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.4.68, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration.\n\nThis issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.\n\nUsers are recommended to upgrade to version 2.4.68, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-124",
"description": "CWE-124: Buffer Underwrite",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T15:19:23.570Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-04-27T12:00:00.000Z",
"value": "reported"
},
{
"lang": "en",
"time": "2026-06-05T12:00:00.000Z",
"value": "fixed in 2.4.x by r1935015"
},
{
"lang": "eng",
"time": "2026-06-08T12:00:00.000Z",
"value": "2.4.68 released"
}
],
"title": "Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2026-44631",
"datePublished": "2026-06-08T15:19:23.570Z",
"dateReserved": "2026-05-07T12:39:02.065Z",
"dateUpdated": "2026-06-08T22:32:33.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-44631",
"date": "2026-07-01",
"epss": "0.00486",
"percentile": "0.38272"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-44631\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2026-06-08T16:16:40.583\",\"lastModified\":\"2026-06-17T10:51:09.860\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration.\\n\\nThis issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.\\n\\nUsers are recommended to upgrade to version 2.4.68, which fixes the issue.\"}],\"affected\":[{\"source\":\"security@apache.org\",\"affectedData\":[{\"vendor\":\"Apache Software Foundation\",\"product\":\"Apache HTTP Server\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"2.4.0\",\"lessThanOrEqual\":\"2.4.67\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-06-08T19:43:09.481041Z\",\"id\":\"CVE-2026-44631\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-124\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.0\",\"versionEndExcluding\":\"2.4.68\",\"matchCriteriaId\":\"03F07E89-F9BF-4913-8250-F79447AA6EBD\"}]}]}],\"references\":[{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/06/08/14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/06/08/14\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-06-08T22:32:33.325Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-44631\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-08T19:43:09.481041Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-08T19:43:03.009Z\"}}], \"cna\": {\"title\": \"Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Zhenpeng (Leo) Lin at depthfirst\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Bartlomiej Dmitruk\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"low\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache HTTP Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.4.67\"}], \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-04-27T12:00:00.000Z\", \"value\": \"reported\"}, {\"lang\": \"en\", \"time\": \"2026-06-05T12:00:00.000Z\", \"value\": \"fixed in 2.4.x by r1935015\"}, {\"lang\": \"eng\", \"time\": \"2026-06-08T12:00:00.000Z\", \"value\": \"2.4.68 released\"}], \"references\": [{\"url\": \"https://httpd.apache.org/security/vulnerabilities_24.html\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration.\\n\\nThis issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.\\n\\nUsers are recommended to upgrade to version 2.4.68, which fixes the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eBuffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration.\u003c/p\u003e\u003cp\u003eThis issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.4.68, which fixes the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-124\", \"description\": \"CWE-124: Buffer Underwrite\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2026-06-08T15:19:23.570Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-44631\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-08T22:32:33.325Z\", \"dateReserved\": \"2026-05-07T12:39:02.065Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2026-06-08T15:19:23.570Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
alsa-2026:34109
Vulnerability from osv_almalinux
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
- httpd: incomplete fix for CVE-2023-38709 (CVE-2024-42516)
- httpd: NULL pointer dereference via specially crafted request (CVE-2026-29169)
- httpd: Apache HTTP Server: Heap-based Buffer Overflow via malicious backend servers (CVE-2026-34356)
- httpd: Apache HTTP Server: Buffer Over-read via outbound OCSP requests to attacker-controlled server (CVE-2026-44185)
- httpd: Apache HTTP Server: Denial of Service via crafted regular expressions (CVE-2026-44631)
- httpd: Apache HTTP Server: Heap-based Buffer Overflow via untrusted content in mod_xml2enc (CVE-2026-42536)
- httpd: Apache HTTP Server: Buffer overflow in mod_proxy_html allows security bypass (CVE-2026-34355)
Bug Fix(es) and Enhancement(s):
- address Moderate severity issues from httpd 2.4.68 [almalinux-10.2.z] (JIRA:AlmaLinux-184518)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "httpd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.63-13.el10_2.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "httpd-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.63-13.el10_2.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "httpd-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.63-13.el10_2.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "httpd-filesystem"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.63-13.el10_2.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "httpd-manual"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.63-13.el10_2.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "httpd-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.63-13.el10_2.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "mod_ldap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.63-13.el10_2.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "mod_lua"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.63-13.el10_2.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "mod_proxy_html"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.4.63-13.el10_2.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "mod_session"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.63-13.el10_2.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "mod_ssl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.4.63-13.el10_2.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. \n\nSecurity Fix(es): \n\n * httpd: incomplete fix for CVE-2023-38709 (CVE-2024-42516)\n * httpd: NULL pointer dereference via specially crafted request (CVE-2026-29169)\n * httpd: Apache HTTP Server: Heap-based Buffer Overflow via malicious backend servers (CVE-2026-34356)\n * httpd: Apache HTTP Server: Buffer Over-read via outbound OCSP requests to attacker-controlled server (CVE-2026-44185)\n * httpd: Apache HTTP Server: Denial of Service via crafted regular expressions (CVE-2026-44631)\n * httpd: Apache HTTP Server: Heap-based Buffer Overflow via untrusted content in mod_xml2enc (CVE-2026-42536)\n * httpd: Apache HTTP Server: Buffer overflow in mod_proxy_html allows security bypass (CVE-2026-34355)\n\n\nBug Fix(es) and Enhancement(s): \n\n * address Moderate severity issues from httpd 2.4.68 [almalinux-10.2.z] (JIRA:AlmaLinux-184518)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:34109",
"modified": "2026-07-01T12:00:28Z",
"published": "2026-07-01T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:34109"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-42516"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-29169"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-34355"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-34356"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-42536"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-44185"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-44631"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2374549"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2465296"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2486395"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2486397"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2486399"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2486411"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2486414"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/10/ALSA-2026-34109.html"
}
],
"related": [
"CVE-2023-38709",
"CVE-2024-42516",
"CVE-2026-29169",
"CVE-2026-34356",
"CVE-2026-44185",
"CVE-2026-44631",
"CVE-2026-42536",
"CVE-2026-34355"
],
"summary": "Important: httpd security, bug fix, and enhancement update"
}
bit-apache-2026-44631
Vulnerability from bitnami_vulndb
Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration.
This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.
Users are recommended to upgrade to version 2.4.68, which fixes the issue.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "apache",
"purl": "pkg:bitnami/apache"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.68"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2026-44631"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"
],
"severity": "Critical"
},
"details": "Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration.\n\nThis issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.\n\nUsers are recommended to upgrade to version 2.4.68, which fixes the issue.",
"id": "BIT-apache-2026-44631",
"modified": "2026-06-10T09:06:17.876Z",
"published": "2026-06-10T08:39:21.148Z",
"references": [
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/06/08/14"
},
{
"type": "WEB",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44631"
}
],
"schema_version": "1.6.2",
"summary": "Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow"
}
CERTFR-2026-AVI-0710
Vulnerability from certfr_avis - Published: 2026-06-09 - Updated: 2026-06-09
De multiples vulnérabilités ont été découvertes dans Apache HTTP Server. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apache | HTTP Server | Apache HTTP Server versions antérieures à 2.4.68 |
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apache HTTP Server versions ant\u00e9rieures \u00e0 2.4.68",
"product": {
"name": "HTTP Server",
"vendor": {
"name": "Apache",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-42536",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42536"
},
{
"name": "CVE-2026-43951",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43951"
},
{
"name": "CVE-2026-44631",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44631"
},
{
"name": "CVE-2026-48913",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48913"
},
{
"name": "CVE-2026-49975",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-49975"
},
{
"name": "CVE-2026-44186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44186"
},
{
"name": "CVE-2026-34356",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34356"
},
{
"name": "CVE-2026-42535",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42535"
},
{
"name": "CVE-2026-34355",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34355"
},
{
"name": "CVE-2026-29170",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29170"
},
{
"name": "CVE-2026-44119",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44119"
},
{
"name": "CVE-2026-44185",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44185"
},
{
"name": "CVE-2026-29167",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29167"
}
],
"initial_release_date": "2026-06-09T00:00:00",
"last_revision_date": "2026-06-09T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0710",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-06-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apache HTTP Server. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apache HTTP Server",
"vendor_advisories": [
{
"published_at": "2026-06-08",
"title": "Bulletin de s\u00e9curit\u00e9 Apache HTTP Server CHANGES_2.4.68",
"url": "https://downloads.apache.org/httpd/CHANGES_2.4.68"
}
]
}
厂商已发布了漏洞修复程序,请及时关注更新: https://httpd.apache.org/security/vulnerabilities_24.html
| Name | Apache Apache HTTP Server >=2.4.0,<=2.4.67 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2026-44631",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-44631"
}
},
"description": "Apache HTTP Server\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90\u7f51\u9875\u670d\u52a1\u5668\u3002\u8be5\u670d\u52a1\u5668\u5177\u6709\u5feb\u901f\u3001\u53ef\u9760\u4e14\u53ef\u901a\u8fc7\u7b80\u5355\u7684API\u8fdb\u884c\u6269\u5145\u7684\u7279\u70b9\u3002 \n\nApache HTTP Server\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://httpd.apache.org/security/vulnerabilities_24.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2026-23635",
"openTime": "2026-06-10",
"patchDescription": "Apache HTTP Server\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90\u7f51\u9875\u670d\u52a1\u5668\u3002\u8be5\u670d\u52a1\u5668\u5177\u6709\u5feb\u901f\u3001\u53ef\u9760\u4e14\u53ef\u901a\u8fc7\u7b80\u5355\u7684API\u8fdb\u884c\u6269\u5145\u7684\u7279\u70b9\u3002 \r\n\r\nApache HTTP Server\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apache HTTP Server\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2026-23635\uff09\u7684\u8865\u4e01",
"products": {
"product": "Apache Apache HTTP Server \u003e=2.4.0\uff0c\u003c=2.4.67"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2026-44631",
"serverity": "\u9ad8",
"submitTime": "2026-06-09",
"title": "Apache HTTP Server\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2026-23635\uff09"
}
FKIE_CVE-2026-44631
Vulnerability from fkie_nvd - Published: 2026-06-08 16:16 - Updated: 2026-06-17 10:51| URL | Tags | ||
|---|---|---|---|
| security@apache.org | https://httpd.apache.org/security/vulnerabilities_24.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2026/06/08/14 | Mailing List, Third Party Advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| apache | http_server | * |
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.4.67",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
}
]
}
],
"source": "security@apache.org"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03F07E89-F9BF-4913-8250-F79447AA6EBD",
"versionEndExcluding": "2.4.68",
"versionStartIncluding": "2.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration.\n\nThis issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.\n\nUsers are recommended to upgrade to version 2.4.68, which fixes the issue."
}
],
"id": "CVE-2026-44631",
"lastModified": "2026-06-17T10:51:09.860",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-44631",
"options": [
{
"exploitation": "none"
},
{
"automatable": "yes"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T19:43:09.481041Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-06-08T16:16:40.583",
"references": [
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2026/06/08/14"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-124"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
GHSA-9JV8-9586-5R34
Vulnerability from github – Published: 2026-06-08 18:31 – Updated: 2026-06-09 00:33Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration.
This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.
Users are recommended to upgrade to version 2.4.68, which fixes the issue.
{
"affected": [],
"aliases": [
"CVE-2026-44631"
],
"database_specific": {
"cwe_ids": [
"CWE-124"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-08T16:16:40Z",
"severity": "CRITICAL"
},
"details": "Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration.\n\nThis issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.\n\nUsers are recommended to upgrade to version 2.4.68, which fixes the issue.",
"id": "GHSA-9jv8-9586-5r34",
"modified": "2026-06-09T00:33:23Z",
"published": "2026-06-08T18:31:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44631"
},
{
"type": "WEB",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/06/08/14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
MSRC_CVE-2026-44631
Vulnerability from csaf_microsoft - Published: 2026-06-02 00:00 - Updated: 2026-06-23 14:45| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 21442-17084 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-1 | — |
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-44631 Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-44631.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow",
"tracking": {
"current_release_date": "2026-06-23T14:45:49.000Z",
"generator": {
"date": "2026-06-24T07:03:47.783Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-44631",
"initial_release_date": "2026-06-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-06-11T01:02:17.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-06-23T14:45:49.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 httpd 0:2.4.67-1.azl3",
"product": {
"name": "\u003cazl3 httpd 0:2.4.67-1.azl3",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 httpd 0:2.4.67-1.azl3",
"product": {
"name": "azl3 httpd 0:2.4.67-1.azl3",
"product_id": "21442"
}
}
],
"category": "product_name",
"name": "httpd"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 httpd 0:2.4.67-1.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 httpd 0:2.4.67-1.azl3 as a component of Azure Linux 3.0",
"product_id": "21442-17084"
},
"product_reference": "21442",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44631",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "general",
"text": "apache",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"21442-17084"
],
"known_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-44631 Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-44631.json"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"17084-1"
]
}
],
"title": "Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow"
}
]
}
RHSA-2026:34109
Vulnerability from csaf_redhat - Published: 2026-07-01 09:31 - Updated: 2026-07-01 14:07A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers. These issues lead to HTTP response splitting. This CVE provides a "complete" fix for CVE-2023-38709.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the mod_dav_lock module of httpd. This vulnerability allows a remote unauthenticated attacker to crash the server due to a NULL pointer dereference via a specially crafted request.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
A vulnerability has been identified in the Apache HTTP Server. If the server is configured to connect to a malicious or compromised backend server, an attacker could exploit this flaw to bypass security controls or run unauthorized code on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Apache HTTP Server. This heap-based buffer overflow vulnerability can be exploited by a malicious backend server when using ProxyPassReverseCookie* directives. This could lead to a denial of service (DoS) condition, making the server unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Apache HTTP Server, specifically within the mod_xml2enc module. This heap-based buffer overflow vulnerability can be triggered when processing untrusted content through the xml2StartParse function. A remote attacker could potentially exploit this to cause a denial of service, information disclosure, or possibly arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Apache HTTP Server. This buffer over-read vulnerability occurs when the server processes outbound Online Certificate Status Protocol (OCSP) requests directed to an attacker-controlled OCSP server. This could allow a remote attacker to read sensitive information from memory or cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Apache HTTP Server. This buffer underwrite vulnerability occurs when processing crafted regular expressions in the server's configuration. An attacker could potentially exploit this to cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64 | — |
Vendor Fix
fix
Workaround
|
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:34109 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2374549 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2465296 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2486395 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2486397 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2486399 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2486411 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2486414 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2024-42516 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2374549 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-42516 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-42516 | external |
| https://httpd.apache.org/security/vulnerabilities… | external |
| https://access.redhat.com/security/cve/CVE-2026-29169 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2465296 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-29169 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-29169 | external |
| https://access.redhat.com/security/cve/CVE-2026-34355 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2486414 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-34355 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-34355 | external |
| https://access.redhat.com/security/cve/CVE-2026-34356 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2486395 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-34356 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-34356 | external |
| https://access.redhat.com/security/cve/CVE-2026-42536 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2486411 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42536 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42536 | external |
| https://access.redhat.com/security/cve/CVE-2026-44185 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2486397 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-44185 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-44185 | external |
| https://access.redhat.com/security/cve/CVE-2026-44631 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2486399 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-44631 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-44631 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for httpd is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* httpd: incomplete fix for CVE-2023-38709 (CVE-2024-42516)\n\n* httpd: NULL pointer dereference via specially crafted request (CVE-2026-29169)\n\n* httpd: Apache HTTP Server: Heap-based Buffer Overflow via malicious backend servers (CVE-2026-34356)\n\n* httpd: Apache HTTP Server: Buffer Over-read via outbound OCSP requests to attacker-controlled server (CVE-2026-44185)\n\n* httpd: Apache HTTP Server: Denial of Service via crafted regular expressions (CVE-2026-44631)\n\n* httpd: Apache HTTP Server: Heap-based Buffer Overflow via untrusted content in mod_xml2enc (CVE-2026-42536)\n\n* httpd: Apache HTTP Server: Buffer overflow in mod_proxy_html allows security bypass (CVE-2026-34355)\n\nBug Fix(es) and Enhancement(s):\n\n* address Moderate severity issues from httpd 2.4.68 [rhel-10.2.z] (JIRA:RHEL-184518)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:34109",
"url": "https://access.redhat.com/errata/RHSA-2026:34109"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2374549",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374549"
},
{
"category": "external",
"summary": "2465296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2465296"
},
{
"category": "external",
"summary": "2486395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486395"
},
{
"category": "external",
"summary": "2486397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486397"
},
{
"category": "external",
"summary": "2486399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486399"
},
{
"category": "external",
"summary": "2486411",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486411"
},
{
"category": "external",
"summary": "2486414",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486414"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_34109.json"
}
],
"title": "Red Hat Security Advisory: httpd security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-07-01T14:07:11+00:00",
"generator": {
"date": "2026-07-01T14:07:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:34109",
"initial_release_date": "2026-07-01T09:31:08+00:00",
"revision_history": [
{
"date": "2026-07-01T09:31:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-01T09:31:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T14:07:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.4.63-13.el10_2.4.src",
"product": {
"name": "httpd-0:2.4.63-13.el10_2.4.src",
"product_id": "httpd-0:2.4.63-13.el10_2.4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.63-13.el10_2.4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.4.63-13.el10_2.4.aarch64",
"product": {
"name": "httpd-0:2.4.63-13.el10_2.4.aarch64",
"product_id": "httpd-0:2.4.63-13.el10_2.4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.63-13.el10_2.4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"product": {
"name": "httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"product_id": "httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-core@2.4.63-13.el10_2.4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"product": {
"name": "httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"product_id": "httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.63-13.el10_2.4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"product": {
"name": "httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"product_id": "httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.63-13.el10_2.4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"product": {
"name": "mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"product_id": "mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.63-13.el10_2.4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"product": {
"name": "mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"product_id": "mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_lua@2.4.63-13.el10_2.4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"product": {
"name": "mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"product_id": "mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.63-13.el10_2.4?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.63-13.el10_2.4.aarch64",
"product": {
"name": "mod_session-0:2.4.63-13.el10_2.4.aarch64",
"product_id": "mod_session-0:2.4.63-13.el10_2.4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.63-13.el10_2.4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"product": {
"name": "mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"product_id": "mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.63-13.el10_2.4?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"product": {
"name": "httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"product_id": "httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debugsource@2.4.63-13.el10_2.4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"product": {
"name": "httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"product_id": "httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-core-debuginfo@2.4.63-13.el10_2.4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"product": {
"name": "httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"product_id": "httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.63-13.el10_2.4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"product": {
"name": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"product_id": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools-debuginfo@2.4.63-13.el10_2.4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"product": {
"name": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"product_id": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap-debuginfo@2.4.63-13.el10_2.4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"product": {
"name": "mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"product_id": "mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_lua-debuginfo@2.4.63-13.el10_2.4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"product": {
"name": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"product_id": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html-debuginfo@2.4.63-13.el10_2.4?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"product": {
"name": "mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"product_id": "mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session-debuginfo@2.4.63-13.el10_2.4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"product": {
"name": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"product_id": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl-debuginfo@2.4.63-13.el10_2.4?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.4.63-13.el10_2.4.ppc64le",
"product": {
"name": "httpd-0:2.4.63-13.el10_2.4.ppc64le",
"product_id": "httpd-0:2.4.63-13.el10_2.4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.63-13.el10_2.4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"product": {
"name": "httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"product_id": "httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-core@2.4.63-13.el10_2.4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"product": {
"name": "httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"product_id": "httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.63-13.el10_2.4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"product": {
"name": "httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"product_id": "httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.63-13.el10_2.4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"product": {
"name": "mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"product_id": "mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.63-13.el10_2.4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"product": {
"name": "mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"product_id": "mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_lua@2.4.63-13.el10_2.4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"product": {
"name": "mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"product_id": "mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.63-13.el10_2.4?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"product": {
"name": "mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"product_id": "mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.63-13.el10_2.4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"product": {
"name": "mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"product_id": "mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.63-13.el10_2.4?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"product": {
"name": "httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"product_id": "httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debugsource@2.4.63-13.el10_2.4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"product": {
"name": "httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"product_id": "httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-core-debuginfo@2.4.63-13.el10_2.4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"product": {
"name": "httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"product_id": "httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.63-13.el10_2.4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"product": {
"name": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"product_id": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools-debuginfo@2.4.63-13.el10_2.4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"product": {
"name": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"product_id": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap-debuginfo@2.4.63-13.el10_2.4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"product": {
"name": "mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"product_id": "mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_lua-debuginfo@2.4.63-13.el10_2.4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"product": {
"name": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"product_id": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html-debuginfo@2.4.63-13.el10_2.4?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"product": {
"name": "mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"product_id": "mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session-debuginfo@2.4.63-13.el10_2.4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"product": {
"name": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"product_id": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl-debuginfo@2.4.63-13.el10_2.4?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.4.63-13.el10_2.4.x86_64",
"product": {
"name": "httpd-0:2.4.63-13.el10_2.4.x86_64",
"product_id": "httpd-0:2.4.63-13.el10_2.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.63-13.el10_2.4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"product": {
"name": "httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"product_id": "httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-core@2.4.63-13.el10_2.4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"product": {
"name": "httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"product_id": "httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.63-13.el10_2.4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"product": {
"name": "httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"product_id": "httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.63-13.el10_2.4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"product": {
"name": "mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"product_id": "mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.63-13.el10_2.4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"product": {
"name": "mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"product_id": "mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_lua@2.4.63-13.el10_2.4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"product": {
"name": "mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"product_id": "mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.63-13.el10_2.4?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.63-13.el10_2.4.x86_64",
"product": {
"name": "mod_session-0:2.4.63-13.el10_2.4.x86_64",
"product_id": "mod_session-0:2.4.63-13.el10_2.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.63-13.el10_2.4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"product": {
"name": "mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"product_id": "mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.63-13.el10_2.4?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"product": {
"name": "httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"product_id": "httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debugsource@2.4.63-13.el10_2.4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"product": {
"name": "httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"product_id": "httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-core-debuginfo@2.4.63-13.el10_2.4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"product": {
"name": "httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"product_id": "httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.63-13.el10_2.4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"product": {
"name": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"product_id": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools-debuginfo@2.4.63-13.el10_2.4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"product": {
"name": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"product_id": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap-debuginfo@2.4.63-13.el10_2.4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"product": {
"name": "mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"product_id": "mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_lua-debuginfo@2.4.63-13.el10_2.4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"product": {
"name": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"product_id": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html-debuginfo@2.4.63-13.el10_2.4?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"product": {
"name": "mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"product_id": "mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session-debuginfo@2.4.63-13.el10_2.4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"product": {
"name": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"product_id": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl-debuginfo@2.4.63-13.el10_2.4?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.4.63-13.el10_2.4.s390x",
"product": {
"name": "httpd-0:2.4.63-13.el10_2.4.s390x",
"product_id": "httpd-0:2.4.63-13.el10_2.4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.63-13.el10_2.4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-core-0:2.4.63-13.el10_2.4.s390x",
"product": {
"name": "httpd-core-0:2.4.63-13.el10_2.4.s390x",
"product_id": "httpd-core-0:2.4.63-13.el10_2.4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-core@2.4.63-13.el10_2.4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"product": {
"name": "httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"product_id": "httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.63-13.el10_2.4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"product": {
"name": "httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"product_id": "httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.63-13.el10_2.4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"product": {
"name": "mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"product_id": "mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.63-13.el10_2.4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_lua-0:2.4.63-13.el10_2.4.s390x",
"product": {
"name": "mod_lua-0:2.4.63-13.el10_2.4.s390x",
"product_id": "mod_lua-0:2.4.63-13.el10_2.4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_lua@2.4.63-13.el10_2.4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"product": {
"name": "mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"product_id": "mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.63-13.el10_2.4?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.63-13.el10_2.4.s390x",
"product": {
"name": "mod_session-0:2.4.63-13.el10_2.4.s390x",
"product_id": "mod_session-0:2.4.63-13.el10_2.4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.63-13.el10_2.4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"product": {
"name": "mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"product_id": "mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.63-13.el10_2.4?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"product": {
"name": "httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"product_id": "httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debugsource@2.4.63-13.el10_2.4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"product": {
"name": "httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"product_id": "httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-core-debuginfo@2.4.63-13.el10_2.4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"product": {
"name": "httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"product_id": "httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.63-13.el10_2.4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"product": {
"name": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"product_id": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools-debuginfo@2.4.63-13.el10_2.4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"product": {
"name": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"product_id": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap-debuginfo@2.4.63-13.el10_2.4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"product": {
"name": "mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"product_id": "mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_lua-debuginfo@2.4.63-13.el10_2.4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"product": {
"name": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"product_id": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html-debuginfo@2.4.63-13.el10_2.4?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"product": {
"name": "mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"product_id": "mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session-debuginfo@2.4.63-13.el10_2.4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"product": {
"name": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"product_id": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl-debuginfo@2.4.63-13.el10_2.4?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"product": {
"name": "httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"product_id": "httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-filesystem@2.4.63-13.el10_2.4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"product": {
"name": "httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"product_id": "httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.4.63-13.el10_2.4?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.63-13.el10_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64"
},
"product_reference": "httpd-0:2.4.63-13.el10_2.4.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.63-13.el10_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le"
},
"product_reference": "httpd-0:2.4.63-13.el10_2.4.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.63-13.el10_2.4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x"
},
"product_reference": "httpd-0:2.4.63-13.el10_2.4.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.63-13.el10_2.4.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src"
},
"product_reference": "httpd-0:2.4.63-13.el10_2.4.src",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.63-13.el10_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64"
},
"product_reference": "httpd-0:2.4.63-13.el10_2.4.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-core-0:2.4.63-13.el10_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64"
},
"product_reference": "httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-core-0:2.4.63-13.el10_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le"
},
"product_reference": "httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-core-0:2.4.63-13.el10_2.4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x"
},
"product_reference": "httpd-core-0:2.4.63-13.el10_2.4.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-core-0:2.4.63-13.el10_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64"
},
"product_reference": "httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64"
},
"product_reference": "httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le"
},
"product_reference": "httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x"
},
"product_reference": "httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64"
},
"product_reference": "httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64"
},
"product_reference": "httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le"
},
"product_reference": "httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x"
},
"product_reference": "httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64"
},
"product_reference": "httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le"
},
"product_reference": "httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debugsource-0:2.4.63-13.el10_2.4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x"
},
"product_reference": "httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64"
},
"product_reference": "httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.63-13.el10_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64"
},
"product_reference": "httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.63-13.el10_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le"
},
"product_reference": "httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.63-13.el10_2.4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x"
},
"product_reference": "httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.63-13.el10_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64"
},
"product_reference": "httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-filesystem-0:2.4.63-13.el10_2.4.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch"
},
"product_reference": "httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.4.63-13.el10_2.4.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch"
},
"product_reference": "httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.63-13.el10_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64"
},
"product_reference": "httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.63-13.el10_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le"
},
"product_reference": "httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.63-13.el10_2.4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x"
},
"product_reference": "httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.63-13.el10_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64"
},
"product_reference": "httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64"
},
"product_reference": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le"
},
"product_reference": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x"
},
"product_reference": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64"
},
"product_reference": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.63-13.el10_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64"
},
"product_reference": "mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.63-13.el10_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le"
},
"product_reference": "mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.63-13.el10_2.4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x"
},
"product_reference": "mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.63-13.el10_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64"
},
"product_reference": "mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64"
},
"product_reference": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le"
},
"product_reference": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x"
},
"product_reference": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64"
},
"product_reference": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_lua-0:2.4.63-13.el10_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64"
},
"product_reference": "mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_lua-0:2.4.63-13.el10_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le"
},
"product_reference": "mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_lua-0:2.4.63-13.el10_2.4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x"
},
"product_reference": "mod_lua-0:2.4.63-13.el10_2.4.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_lua-0:2.4.63-13.el10_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64"
},
"product_reference": "mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64"
},
"product_reference": "mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le"
},
"product_reference": "mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x"
},
"product_reference": "mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64"
},
"product_reference": "mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64"
},
"product_reference": "mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le"
},
"product_reference": "mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.63-13.el10_2.4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x"
},
"product_reference": "mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64"
},
"product_reference": "mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64"
},
"product_reference": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le"
},
"product_reference": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x"
},
"product_reference": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
},
"product_reference": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.63-13.el10_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64"
},
"product_reference": "mod_session-0:2.4.63-13.el10_2.4.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.63-13.el10_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le"
},
"product_reference": "mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.63-13.el10_2.4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x"
},
"product_reference": "mod_session-0:2.4.63-13.el10_2.4.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.63-13.el10_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64"
},
"product_reference": "mod_session-0:2.4.63-13.el10_2.4.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64"
},
"product_reference": "mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le"
},
"product_reference": "mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x"
},
"product_reference": "mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64"
},
"product_reference": "mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.63-13.el10_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64"
},
"product_reference": "mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.63-13.el10_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le"
},
"product_reference": "mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.63-13.el10_2.4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x"
},
"product_reference": "mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.63-13.el10_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64"
},
"product_reference": "mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64"
},
"product_reference": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le"
},
"product_reference": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x"
},
"product_reference": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
},
"product_reference": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-42516",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2025-06-24T12:01:28.570000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374549"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers. These issues lead to HTTP response splitting. This CVE provides a \"complete\" fix for CVE-2023-38709.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: incomplete fix for CVE-2023-38709",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is only exploitable by a malicious backend or a malicious application, but may also affect forward proxy configurations.\n\nThis issue is classified as a Moderate vulnerability because successful exploitation requires a highly specific and constrained setup. Namely, the attacker must already have the ability to influence backend responses\u2014such as injecting malicious headers like Content-Type or Content-Encoding\u2014which typically implies a compromised or poorly controlled upstream service. In properly configured systems, frontend servers like Apache sanitize or strictly validate backend output, limiting exposure. Furthermore, HTTP response splitting does not inherently lead to remote code execution or privilege escalation on the server itself; instead, its effects are typically confined to manipulating client-side behavior such as caching or redirection.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-42516"
},
{
"category": "external",
"summary": "RHBZ#2374549",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374549"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-42516",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42516"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-42516",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42516"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2025-07-14T07:13:28.880000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T09:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34109"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: incomplete fix for CVE-2023-38709"
},
{
"cve": "CVE-2026-29169",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-05-04T15:01:18.611919+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2465296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mod_dav_lock module of httpd. This vulnerability allows a remote unauthenticated attacker to crash the server due to a NULL pointer dereference via a specially crafted request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: NULL pointer dereference via specially crafted request",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue allows an unauthenticated remote attacker to crash the server via a specially crafted request. However, the mod_dav_lock module is obsolete and rarely enabled in modern environments. The only known use-case for the module was mod_dav_svn from Apache Subversion earlier than version 1.2.0. Due to this reason, this vulnerability has been rated with a low severity.\n\nThis flaw only affects configurations with mod_dav_lock loaded and being used. This module can be disabled via the configuration file if its functionality is not being used.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29169"
},
{
"category": "external",
"summary": "RHBZ#2465296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2465296"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29169",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29169"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2026-05-04T14:48:29.832000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T09:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34109"
},
{
"category": "workaround",
"details": "Disabling mod_dav_lock and restarting httpd will mitigate this flaw.",
"product_ids": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: NULL pointer dereference via specially crafted request"
},
{
"cve": "CVE-2026-34355",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-06-08T16:02:27.677660+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2486414"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the Apache HTTP Server. If the server is configured to connect to a malicious or compromised backend server, an attacker could exploit this flaw to bypass security controls or run unauthorized code on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Apache HTTP Server: Buffer overflow in mod_proxy_html allows security bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in `mod_proxy_html` within the Apache HTTP Server allows an untrusted backend to trigger a buffer overflow. This could lead to a security bypass or arbitrary code execution, posing a significant risk in environments where `httpd` is configured with untrusted backend services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34355"
},
{
"category": "external",
"summary": "RHBZ#2486414",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486414"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34355",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34355"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34355",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34355"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2026-06-08T15:20:30.900000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T09:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34109"
},
{
"category": "workaround",
"details": "Disable the `mod_proxy_html` module if it is not essential for your Apache HTTP Server configuration. If `mod_proxy_html` is required, restrict its use to trusted backend servers only, employing network segmentation and access controls. After modifying the configuration, reload the httpd service for changes to apply, which may cause a brief service interruption.\n\nSteps to disable:\nOpen /etc/httpd/conf.modules.d/00-proxy.conf.\nAdd a # to comment out the line: LoadModule proxy_html_module modules/mod_proxy_html.so\nVerify configuration syntax: apachectl configtest\nApply the change gracefully: systemctl reload httpd",
"product_ids": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "httpd: Apache HTTP Server: Buffer overflow in mod_proxy_html allows security bypass"
},
{
"cve": "CVE-2026-34356",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-06-08T16:01:32.651836+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2486395"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache HTTP Server. This heap-based buffer overflow vulnerability can be exploited by a malicious backend server when using ProxyPassReverseCookie* directives. This could lead to a denial of service (DoS) condition, making the server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Apache HTTP Server: Heap-based Buffer Overflow via malicious backend servers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in Apache could allow a malicious backend server to crash your web server, making it unavailable to users. Your system is only at risk if you use Apache to forward traffic to untrusted or unverified backend systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34356"
},
{
"category": "external",
"summary": "RHBZ#2486395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486395"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34356",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34356"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34356",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34356"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2026-06-08T15:12:21.415000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T09:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34109"
},
{
"category": "workaround",
"details": "To prevent this denial-of-service flaw, ensure your Apache proxy rules only connect to highly trusted backend servers. If you must proxy traffic to unverified or external backends, disable the cookie-rewriting features.\n\nSteps to Mitigate:\n\nOpen your Apache configuration file (e.g., /etc/httpd/conf/httpd.conf).\nLocate and comment out any ProxyPassReverseCookieDomain or ProxyPassReverseCookiePath lines pointing to untrusted backends by adding a # at the start of the line.\nTest your syntax: apachectl configtest\nApply changes gracefully: systemctl reload httpd\nNote: This may cause a brief service interruption.",
"product_ids": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Apache HTTP Server: Heap-based Buffer Overflow via malicious backend servers"
},
{
"cve": "CVE-2026-42536",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-06-08T16:02:19.284204+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2486411"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache HTTP Server, specifically within the mod_xml2enc module. This heap-based buffer overflow vulnerability can be triggered when processing untrusted content through the xml2StartParse function. A remote attacker could potentially exploit this to cause a denial of service, information disclosure, or possibly arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Apache HTTP Server: Heap-based Buffer Overflow via untrusted content in mod_xml2enc",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat Enterprise Linux (RHEL), the httpd package includes mod_xml2enc, which provides encoding support for filters like mod_proxy_html. Because this flaw relies on processing unvetted or untrusted input text lengths, the impact presents a high risk to availability (Denial of Service via worker crashes) and a potential risk to confidentiality if an attacker is capable of executing remote code within the context of the apache or httpd daemon process.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42536"
},
{
"category": "external",
"summary": "RHBZ#2486411",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486411"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42536",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42536"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2026-06-08T15:23:46.290000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T09:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34109"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, disable the `mod_xml2enc` module if its functionality for XML internationalization is not essential. This can be done by commenting out the `LoadModule xml2enc_module modules/mod_xml2enc.so` directive in the Apache HTTP Server configuration. A service restart is required for the change to take effect.\n\n```bash\n# Edit the Apache configuration file, e.g., /etc/httpd/conf.modules.d/00-base.conf\n# Comment out the line:\n# LoadModule xml2enc_module modules/mod_xml2enc.so\n\n# Reload the httpd service\nsudo systemctl reload httpd\n```\n\n*Note: Disabling `mod_xml2enc` will cause any configurations relying heavily on `mod_proxy_html` or raw HTML/XML encoding conversions to function incorrectly or fail. Red Hat strongly recommends upgrading to a patched version of `httpd` as soon as it becomes available for your specific RHEL channel.*",
"product_ids": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "httpd: Apache HTTP Server: Heap-based Buffer Overflow via untrusted content in mod_xml2enc"
},
{
"cve": "CVE-2026-44185",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-06-08T16:01:37.898883+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2486397"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache HTTP Server. This buffer over-read vulnerability occurs when the server processes outbound Online Certificate Status Protocol (OCSP) requests directed to an attacker-controlled OCSP server. This could allow a remote attacker to read sensitive information from memory or cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Apache HTTP Server: Buffer Over-read via outbound OCSP requests to attacker-controlled server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A critical buffer over-read flaw in Apache HTTP Server occurs when it performs outbound OCSP requests. If a server connects to an attacker-controlled OCSP responder, a remote attacker can leak sensitive memory data or trigger a denial of service (DoS). This risk depends entirely on the server\u0027s OCSP configuration and endpoint trustworthiness.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44185"
},
{
"category": "external",
"summary": "RHBZ#2486397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44185",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44185"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2026-06-08T15:22:11.809000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T09:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34109"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that Apache HTTP Server is configured to only communicate with trusted OCSP responders. If OCSP validation or stapling is not a critical requirement for your deployment, consider disabling it. This can be achieved by adjusting mod_ssl directives in your Apache HTTP Server configuration. \n\nFor example, add or modify the following lines:\n\n~~~\nSSLOCSPEnable off\nSSLUseStapling off\n~~~\n\nAfter modifying the configuration, reload the httpd service for the changes to take effect safely without interrupting active connections:\n\n~~~\nsudo systemctl reload httpd\n~~~",
"product_ids": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "httpd: Apache HTTP Server: Buffer Over-read via outbound OCSP requests to attacker-controlled server"
},
{
"cve": "CVE-2026-44631",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"discovery_date": "2026-06-08T16:01:43.891910+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2486399"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache HTTP Server. This buffer underwrite vulnerability occurs when processing crafted regular expressions in the server\u0027s configuration. An attacker could potentially exploit this to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Apache HTTP Server: Denial of Service via crafted regular expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate impact buffer underwrite flaw in Apache HTTP Server can lead to a denial of service. The vulnerability occurs when processing specially crafted regular expressions within the server\u0027s configuration. Exploitation requires a high attack complexity, indicating that specific conditions or a complex attack vector are necessary, thereby limiting the practical risk in typical Red Hat deployments where configuration changes are tightly controlled.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44631"
},
{
"category": "external",
"summary": "RHBZ#2486399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486399"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44631",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44631"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2026-06-08T15:19:23.570000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T09:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34109"
},
{
"category": "workaround",
"details": "Only loadtrustedApache configuration; the bug triggers oncrafted regexin config at start/reload (DirectoryMatch,Directory ~,ProxyMatch, etc.).\nKeep AllowOverride None where possible so untrusted users cannot inject regex via .htaccess.\nRestrict who can change httpdconfig and reload the service.",
"product_ids": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.src",
"AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.4.noarch",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.4.x86_64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.aarch64",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.ppc64le",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.s390x",
"AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Apache HTTP Server: Denial of Service via crafted regular expressions"
}
]
}
WID-SEC-W-2026-1824
Vulnerability from csaf_certbund - Published: 2026-06-08 22:00 - Updated: 2026-06-16 22:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache HTTP Server <2.4.68
Apache / HTTP Server
|
<2.4.68 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM HTTP Server <9.0.5.29
IBM / HTTP Server
|
<9.0.5.29 | ||
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
IBM HTTP Server <8.5.5.30
IBM / HTTP Server
|
<8.5.5.30 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache HTTP Server <2.4.68
Apache / HTTP Server
|
<2.4.68 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM HTTP Server <9.0.5.29
IBM / HTTP Server
|
<9.0.5.29 | ||
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
IBM HTTP Server <8.5.5.30
IBM / HTTP Server
|
<8.5.5.30 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache HTTP Server <2.4.68
Apache / HTTP Server
|
<2.4.68 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM HTTP Server <9.0.5.29
IBM / HTTP Server
|
<9.0.5.29 | ||
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
IBM HTTP Server <8.5.5.30
IBM / HTTP Server
|
<8.5.5.30 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache HTTP Server <2.4.68
Apache / HTTP Server
|
<2.4.68 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM HTTP Server <9.0.5.29
IBM / HTTP Server
|
<9.0.5.29 | ||
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
IBM HTTP Server <8.5.5.30
IBM / HTTP Server
|
<8.5.5.30 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache HTTP Server <2.4.68
Apache / HTTP Server
|
<2.4.68 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM HTTP Server <9.0.5.29
IBM / HTTP Server
|
<9.0.5.29 | ||
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
IBM HTTP Server <8.5.5.30
IBM / HTTP Server
|
<8.5.5.30 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache HTTP Server <2.4.68
Apache / HTTP Server
|
<2.4.68 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM HTTP Server <9.0.5.29
IBM / HTTP Server
|
<9.0.5.29 | ||
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
IBM HTTP Server <8.5.5.30
IBM / HTTP Server
|
<8.5.5.30 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache HTTP Server <2.4.68
Apache / HTTP Server
|
<2.4.68 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM HTTP Server <9.0.5.29
IBM / HTTP Server
|
<9.0.5.29 | ||
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
IBM HTTP Server <8.5.5.30
IBM / HTTP Server
|
<8.5.5.30 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache HTTP Server <2.4.68
Apache / HTTP Server
|
<2.4.68 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM HTTP Server <9.0.5.29
IBM / HTTP Server
|
<9.0.5.29 | ||
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
IBM HTTP Server <8.5.5.30
IBM / HTTP Server
|
<8.5.5.30 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache HTTP Server <2.4.68
Apache / HTTP Server
|
<2.4.68 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM HTTP Server <9.0.5.29
IBM / HTTP Server
|
<9.0.5.29 | ||
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
IBM HTTP Server <8.5.5.30
IBM / HTTP Server
|
<8.5.5.30 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache HTTP Server <2.4.68
Apache / HTTP Server
|
<2.4.68 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM HTTP Server <9.0.5.29
IBM / HTTP Server
|
<9.0.5.29 | ||
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
IBM HTTP Server <8.5.5.30
IBM / HTTP Server
|
<8.5.5.30 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache HTTP Server <2.4.68
Apache / HTTP Server
|
<2.4.68 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM HTTP Server <9.0.5.29
IBM / HTTP Server
|
<9.0.5.29 | ||
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
IBM HTTP Server <8.5.5.30
IBM / HTTP Server
|
<8.5.5.30 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache HTTP Server <2.4.68
Apache / HTTP Server
|
<2.4.68 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM HTTP Server <9.0.5.29
IBM / HTTP Server
|
<9.0.5.29 | ||
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
IBM HTTP Server <8.5.5.30
IBM / HTTP Server
|
<8.5.5.30 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache HTTP Server <2.4.68
Apache / HTTP Server
|
<2.4.68 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM HTTP Server <9.0.5.29
IBM / HTTP Server
|
<9.0.5.29 | ||
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
IBM HTTP Server <8.5.5.30
IBM / HTTP Server
|
<8.5.5.30 |
| URL | Category |
|---|---|
| https://wid.cert-bund.de/.well-known/csaf/white/2… | self |
| https://wid.cert-bund.de/portal/wid/securityadvis… | self |
| https://httpd.apache.org/security/vulnerabilities… | external |
| https://msrc.microsoft.com/update-guide/ | external |
| https://errata.build.resf.org/RLSA-2026:25090 | external |
| https://access.redhat.com/errata/RHSA-2026:25057 | external |
| https://access.redhat.com/errata/RHSA-2026:25090 | external |
| https://access.redhat.com/errata/RHSA-2026:25225 | external |
| https://errata.build.resf.org/RLSA-2026:25225 | external |
| https://lists.debian.org/debian-lts-announce/2026… | external |
| https://errata.build.resf.org/RLSA-2026:25057 | external |
| https://www.ibm.com/support/pages/node/7276565 | external |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apache ist ein Webserver f\u00fcr verschiedene Plattformen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Apache HTTP Server ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren, Daten zu ver\u00e4ndern und offenzulegen, einen Denial-of-Service-Zustand zu verursachen oder andere nicht n\u00e4her definierte Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1824 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1824.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1824 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1824"
},
{
"category": "external",
"summary": "Apache Vulnerabilities vom 2026-06-08",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"category": "external",
"summary": "Microsoft Security Update Guide vom 2026-06-09",
"url": "https://msrc.microsoft.com/update-guide/"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:25090 vom 2026-06-11",
"url": "https://errata.build.resf.org/RLSA-2026:25090"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:25057 vom 2026-06-10",
"url": "https://access.redhat.com/errata/RHSA-2026:25057"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:25090 vom 2026-06-10",
"url": "https://access.redhat.com/errata/RHSA-2026:25090"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:25225 vom 2026-06-11",
"url": "https://access.redhat.com/errata/RHSA-2026:25225"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:25225 vom 2026-06-13",
"url": "https://errata.build.resf.org/RLSA-2026:25225"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4629 vom 2026-06-12",
"url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00018.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:25057 vom 2026-06-13",
"url": "https://errata.build.resf.org/RLSA-2026:25057"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7276565 vom 2026-06-16",
"url": "https://www.ibm.com/support/pages/node/7276565"
}
],
"source_lang": "en-US",
"title": "Apache HTTP Server: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-16T22:00:00.000+00:00",
"generator": {
"date": "2026-06-17T10:49:51.293+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1824",
"initial_release_date": "2026-06-08T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-06-08T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-06-09T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2026-06-10T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Rocky Enterprise Software Foundation und Red Hat aufgenommen"
},
{
"date": "2026-06-14T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Rocky Enterprise Software Foundation und Debian aufgenommen"
},
{
"date": "2026-06-15T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-06-16T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.4.68",
"product": {
"name": "Apache HTTP Server \u003c2.4.68",
"product_id": "T055055"
}
},
{
"category": "product_version",
"name": "2.4.68",
"product": {
"name": "Apache HTTP Server 2.4.68",
"product_id": "T055055-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:http_server:2.4.68"
}
}
}
],
"category": "product_name",
"name": "HTTP Server"
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.5.5.30",
"product": {
"name": "IBM HTTP Server \u003c8.5.5.30",
"product_id": "T052356"
}
},
{
"category": "product_version",
"name": "8.5.5.30",
"product": {
"name": "IBM HTTP Server 8.5.5.30",
"product_id": "T052356-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:http_server:8.5.5.30"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.5.29",
"product": {
"name": "IBM HTTP Server \u003c9.0.5.29",
"product_id": "T054746"
}
},
{
"category": "product_version",
"name": "9.0.5.29",
"product": {
"name": "IBM HTTP Server 9.0.5.29",
"product_id": "T054746-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:http_server:9.0.5.29"
}
}
}
],
"category": "product_name",
"name": "HTTP Server"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "azl3",
"product": {
"name": "Microsoft Azure Linux azl3",
"product_id": "T049210",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3"
}
}
}
],
"category": "product_name",
"name": "Azure Linux"
}
],
"category": "vendor",
"name": "Microsoft"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-29167",
"product_status": {
"known_affected": [
"T055055",
"2951",
"67646",
"T000126",
"T054746",
"T049210",
"T032255",
"T052356"
]
},
"release_date": "2026-06-08T22:00:00.000+00:00",
"title": "CVE-2026-29167"
},
{
"cve": "CVE-2026-29170",
"product_status": {
"known_affected": [
"T055055",
"2951",
"67646",
"T000126",
"T054746",
"T049210",
"T032255",
"T052356"
]
},
"release_date": "2026-06-08T22:00:00.000+00:00",
"title": "CVE-2026-29170"
},
{
"cve": "CVE-2026-34355",
"product_status": {
"known_affected": [
"T055055",
"2951",
"67646",
"T000126",
"T054746",
"T049210",
"T032255",
"T052356"
]
},
"release_date": "2026-06-08T22:00:00.000+00:00",
"title": "CVE-2026-34355"
},
{
"cve": "CVE-2026-34356",
"product_status": {
"known_affected": [
"T055055",
"2951",
"67646",
"T000126",
"T054746",
"T049210",
"T032255",
"T052356"
]
},
"release_date": "2026-06-08T22:00:00.000+00:00",
"title": "CVE-2026-34356"
},
{
"cve": "CVE-2026-42535",
"product_status": {
"known_affected": [
"T055055",
"2951",
"67646",
"T000126",
"T054746",
"T049210",
"T032255",
"T052356"
]
},
"release_date": "2026-06-08T22:00:00.000+00:00",
"title": "CVE-2026-42535"
},
{
"cve": "CVE-2026-42536",
"product_status": {
"known_affected": [
"T055055",
"2951",
"67646",
"T000126",
"T054746",
"T049210",
"T032255",
"T052356"
]
},
"release_date": "2026-06-08T22:00:00.000+00:00",
"title": "CVE-2026-42536"
},
{
"cve": "CVE-2026-43951",
"product_status": {
"known_affected": [
"T055055",
"2951",
"67646",
"T000126",
"T054746",
"T049210",
"T032255",
"T052356"
]
},
"release_date": "2026-06-08T22:00:00.000+00:00",
"title": "CVE-2026-43951"
},
{
"cve": "CVE-2026-44119",
"product_status": {
"known_affected": [
"T055055",
"2951",
"67646",
"T000126",
"T054746",
"T049210",
"T032255",
"T052356"
]
},
"release_date": "2026-06-08T22:00:00.000+00:00",
"title": "CVE-2026-44119"
},
{
"cve": "CVE-2026-44185",
"product_status": {
"known_affected": [
"T055055",
"2951",
"67646",
"T000126",
"T054746",
"T049210",
"T032255",
"T052356"
]
},
"release_date": "2026-06-08T22:00:00.000+00:00",
"title": "CVE-2026-44185"
},
{
"cve": "CVE-2026-44186",
"product_status": {
"known_affected": [
"T055055",
"2951",
"67646",
"T000126",
"T054746",
"T049210",
"T032255",
"T052356"
]
},
"release_date": "2026-06-08T22:00:00.000+00:00",
"title": "CVE-2026-44186"
},
{
"cve": "CVE-2026-44631",
"product_status": {
"known_affected": [
"T055055",
"2951",
"67646",
"T000126",
"T054746",
"T049210",
"T032255",
"T052356"
]
},
"release_date": "2026-06-08T22:00:00.000+00:00",
"title": "CVE-2026-44631"
},
{
"cve": "CVE-2026-48913",
"product_status": {
"known_affected": [
"T055055",
"2951",
"67646",
"T000126",
"T054746",
"T049210",
"T032255",
"T052356"
]
},
"release_date": "2026-06-08T22:00:00.000+00:00",
"title": "CVE-2026-48913"
},
{
"cve": "CVE-2026-49975",
"product_status": {
"known_affected": [
"T055055",
"2951",
"67646",
"T000126",
"T054746",
"T049210",
"T032255",
"T052356"
]
},
"release_date": "2026-06-08T22:00:00.000+00:00",
"title": "CVE-2026-49975"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.