First Last Prev Next    This bug is not in your last search results.
Bug 57218 - Apache - HTTP security issue with apache2 2.4.38-3+deb10u10A
Apache - HTTP security issue with apache2 2.4.38-3+deb10u10A
Status: NEW
Product: UCS
Classification: Unclassified
Component: Apache
UCS 5.0
Other Linux
: P5 normal (vote)
: ---
Assigned To: UMC maintainers
UMC maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2024-04-09 10:32 CEST by Mirac Erdemiroglu
Modified: 2024-04-09 10:33 CEST (History)
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2024040821000091
Bug group (optional): Security
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mirac Erdemiroglu univentionstaff 2024-04-09 10:32:09 CEST 
A remote, anonymous attacker can exploit multiple vulnerabilities in Apache HTTP Server to manipulate data.

BSI: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0801

Debian Security CVE-2024-24795
https://security-tracker.debian.org/tracker/CVE-2024-24795

Debian Security CVE-2023-38709
https://security-tracker.debian.org/tracker/CVE-2023-38709


UCS: 5.0-7 errata1018


dpkg -l | grep apache
ii  apache2                                             2.4.38-3+deb10u10A~5.0.3.202304251027             amd64        Apache HTTP Server
ii  apache2-bin                                         2.4.38-3+deb10u10A~5.0.3.202304251027             amd64        Apache HTTP Server (modules and other binary files)
ii  apache2-data                                        2.4.38-3+deb10u10A~5.0.3.202304251027             all          Apache HTTP Server (common files)
ii  apache2-suexec-pristine                             2.4.38-3+deb10u10A~5.0.3.202304251027             amd64        Apache HTTP Server standard suexec program for mod_suexec
ii  apache2-utils                                       2.4.38-3+deb10u10A~5.0.3.202304251027             amd64        Apache HTTP Server (utility programs for web servers)
ii  libapache2-mod-authnz-pam                           1.2.0-1                                           amd64        PAM authorization checker and PAM Basic Authentication provider
ii  libapache2-mod-wsgi-py3                             4.6.5-1+deb10u1                                   amd64        Python 3 WSGI adapter module for Apache
ii  univention-apache                                   12.0.3-2A~5.0.0.202302061640                      all          UCS - Apache2 configuration
ii  univention-apache-vhost                             12.0.3-2A~5.0.0.202302061640                      all          UCS - Apache2 vhost
First Last Prev Next    This bug is not in your last search results.