Bug 2295013 (CVE-2024-38474)
| Summary: | CVE-2024-38474 httpd: Substitution encoding issue in mod_rewrite | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | akapse, csutherl, hmatsumo, jclere, pjindal, plodge, szappis |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in the mod_rewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be executed as CGI.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2295111 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2024-07-01 19:21:55 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:4720 https://access.redhat.com/errata/RHSA-2024:4720 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:4719 https://access.redhat.com/errata/RHSA-2024:4719 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:4726 https://access.redhat.com/errata/RHSA-2024:4726 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Via RHSA-2024:4820 https://access.redhat.com/errata/RHSA-2024:4820 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2024:4827 https://access.redhat.com/errata/RHSA-2024:4827 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2024:4830 https://access.redhat.com/errata/RHSA-2024:4830 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2024:4863 https://access.redhat.com/errata/RHSA-2024:4863 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:4862 https://access.redhat.com/errata/RHSA-2024:4862 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Advanced Update Support Via RHSA-2024:4938 https://access.redhat.com/errata/RHSA-2024:4938 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support Via RHSA-2024:4943 https://access.redhat.com/errata/RHSA-2024:4943 This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2024:5240 https://access.redhat.com/errata/RHSA-2024:5240 This issue has been addressed in the following products: JBoss Core Services on RHEL 7 JBoss Core Services for RHEL 8 Via RHSA-2024:5239 https://access.redhat.com/errata/RHSA-2024:5239 |