Bug 2190143

Summary: mod_rewrite regression with CVE-2023-25690
Product: Red Hat Enterprise Linux 7 Reporter: Joe Orton <jorton>
Component: httpdAssignee: Luboš Uhliarik <luhliari>
Status: CLOSED ERRATA QA Contact: icesalov
Severity: urgent Docs Contact:
Priority: urgent    
Version: 7.9CC: icesalov, knakai, luhliari, mmiura, ovasik
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-05-25 19:38:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Joe Orton 2023-04-27 09:40:33 UTC 
This bug was initially created as a copy of Bug #2189179

I am copying this bug because: 

This issue also affects RHEL7.

Description of problem:
Regression in query string handling with mod_rewrite due to CVE-2023-25690.

Version-Release number of selected component (if applicable):
httpd-2.4.37-51.2

How reproducible:
always

Steps to Reproduce:
See https://bz.apache.org/bugzilla/show_bug.cgi?id=66547
Comment 18 errata-xmlrpc 2023-05-25 19:38:42 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (httpd bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:3333
Comment 19 Red Hat Bugzilla 2023-09-28 04:25:26 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days