Request splitting via HTTP/2 method injection and mod_proxy in Apache httpd before 2.4.47. Upstream patch: https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c.patch
Created httpd tracking bugs for this issue: Affects: fedora-all [bug 1996514]
When the fix will be available for this vulnerability on RHEL8?
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1915 https://access.redhat.com/errata/RHSA-2022:1915
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-33193
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2022:6753 https://access.redhat.com/errata/RHSA-2022:6753
This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2022:7144 https://access.redhat.com/errata/RHSA-2022:7144
This issue has been addressed in the following products: JBoss Core Services on RHEL 7 JBoss Core Services for RHEL 8 Via RHSA-2022:7143 https://access.redhat.com/errata/RHSA-2022:7143