Apache HTTP Server (httpd) through version 2.4.29 is vulnerable to an out-of-bounds read in the mod_cache_socache.c:read_table() function. A remote attacker could exploit this to cause a denial of service.
Upstream Advisory: https://httpd.apache.org/security/vulnerabilities_24.html
Upstream Patch: https://svn.apache.org/viewvc?view=revision&sortby=log&revision=1824475
Created httpd tracking bugs for this issue:
Affects: fedora-all [bug 1560400]
Analysis: If the Apache server is configured to use mod_cache, a client could send a specially crafted HTTP header, causing the process to crash. Apache is by default configured in prefork MPM mode, which means that this flaw can result in a crash of a child process. The main web server process will not be killed.
Statement: The versions of the httpd package shipped with Red Hat Enterprise Linux are by default configured in prefork MPM mode, which means that this flaw can result in a crash of a child process. The main web server process will not be killed. Also, though the module is loaded by default, it needs to be specifically enabled in order to be exposed to the security flaw.
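The distinction the statement draws between a module that is merely loaded and one that is enabled can be checked against a host's configuration. The following is an added example, not part of the original report or of Red Hat's or Apache's tooling; it assumes "enabled" means a CacheEnable directive naming the socache provider, and the function names and sample configurations are constructed for illustration.

```python
import re
import sys

# httpd directive names are case-insensitive.
LOAD_RE = re.compile(r"^\s*LoadModule\s+cache_socache_module\b", re.I)
ENABLE_RE = re.compile(r"^\s*CacheEnable\s+socache\b", re.I)

def logical_lines(text):
    """Join backslash continuations, then drop blank and comment lines."""
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.rstrip()
        if line.endswith("\\"):
            pending = line[:-1] + " "
            continue
        pending = ""
        if line.strip() and not line.lstrip().startswith("#"):
            yield line

def classify(text):
    """Return 'enabled', 'loaded-only' or 'not-present' for mod_cache_socache."""
    loaded = enabled = False
    for line in logical_lines(text):
        loaded = loaded or bool(LOAD_RE.match(line))
        enabled = enabled or bool(ENABLE_RE.match(line))
    # Assumption: a CacheEnable for the socache provider is treated as decisive,
    # even when the LoadModule line lives in a file that was not passed in.
    if enabled:
        return "enabled"
    return "loaded-only" if loaded else "not-present"

# Constructed sample configurations (not taken from any real host).
SAMPLE_DEFAULT = """\
LoadModule cache_module modules/mod_cache.so
LoadModule cache_socache_module modules/mod_cache_socache.so
# CacheEnable socache /
"""
SAMPLE_ENABLED = SAMPLE_DEFAULT + """\
<IfModule cache_socache_module>
    CacheSocache shmcb
    cacheenable \\
        socache /app
</IfModule>
"""

if __name__ == "__main__":
    # Usage: python3 check.py <httpd config files...>
    text = "\n".join(open(p, errors="replace").read() for p in sys.argv[1:])
    print(classify(text) if sys.argv[1:] else classify(SAMPLE_ENABLED))
```

A result of "enabled" means the host matches the exposure condition in the statement and its httpd package should be compared against the errata listed in this report.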
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2018:3558

This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2019:0366 https://access.redhat.com/errata/RHSA-2019:0366

This issue has been addressed in the following products:

  JBoss Core Services on RHEL 6
  JBoss Core Services on RHEL 7

Via RHSA-2019:0367 https://access.redhat.com/errata/RHSA-2019:0367

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:3958 https://access.redhat.com/errata/RHSA-2020:3958