A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage. Versions Affected: httpd 2.0.1 to 2.4.29 External references: https://httpd.apache.org/security/vulnerabilities_24.html
Created httpd tracking bugs for this issue: Affects: fedora-all [bug 1560644]
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Via RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2018:3558
This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2019:0366 https://access.redhat.com/errata/RHSA-2019:0366
This issue has been addressed in the following products: JBoss Core Services on RHEL 6 JBoss Core Services on RHEL 7 Via RHSA-2019:0367 https://access.redhat.com/errata/RHSA-2019:0367
Hello, Please confirm when this CVE will be fixed for RHEL 7 httpd package? Regards, Vijay
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1121 https://access.redhat.com/errata/RHSA-2020:1121