It was found that malicious input to mod_auth_digest will cause the server to crash, and each instance continues to crash even for subsequently valid requests. Affects versions 2.4.x up to 2.4.23 External Reference: https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25
Created httpd tracking bugs for this issue: Affects: fedora-all [bug 1406823]
Upstream commit: http://svn.apache.org/viewvc?view=revision&revision=1773069
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:0906 https://access.redhat.com/errata/RHSA-2017:0906
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS Via RHSA-2017:1161 https://access.redhat.com/errata/RHSA-2017:1161
This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2017:1415 https://access.redhat.com/errata/RHSA-2017:1415
This issue has been addressed in the following products: JBoss Core Services on RHEL 6 Via RHSA-2017:1414 https://access.redhat.com/errata/RHSA-2017:1414
This issue has been addressed in the following products: JBoss Core Services on RHEL 7 Via RHSA-2017:1413 https://access.redhat.com/errata/RHSA-2017:1413