[USN-6729-2] Apache HTTP Server vulnerabilities
Several security issues were fixed in Apache HTTP Server.
USN-6729-1 fixed several vulnerabilities in Apache. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
Orange Tsai discovered that the Apache HTTP Server incorrectly handled
validating certain input. A remote attacker could possibly use this
issue to perform HTTP request splitting attacks. (CVE-2023-38709)
Keran Mu and Jianjun Chen discovered that the Apache HTTP Server
incorrectly handled validating certain input. A remote attacker could
possibly use this issue to perform HTTP request splitting attacks.
(CVE-2024-24795)
Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module
incorrectly handled endless continuation frames. A remote attacker could
possibly use this issue to cause the server to consume resources, leading
to a denial of service. This issue was addressed only in Ubuntu 18.04 LTS.
(CVE-2024-27316)
- ID
- USN-6729-2
- Severity
- high
- Severity from
- CVE-2024-27316
- URL
- https://ubuntu.com/security/notices/USN-6729-2
- Published
-
2024-04-17T15:26:47
(5 months ago) - Modified
-
2024-04-17T15:26:47
(5 months ago) - Other Advisories
-
- ALAS-2024-1931
- ALAS2-2024-2524
- ALAS2-2024-2532
- ALPINE:CVE-2023-38709
- ALPINE:CVE-2024-24795
- ALPINE:CVE-2024-27316
- ALSA-2024:1786
- ALSA-2024:1872
- ALSA-2024:2564
- ALSA-2024:4197
- DSA-5662-1
- ELSA-2024-1786
- ELSA-2024-1872
- ELSA-2024-2564
- ELSA-2024-4197
- FEDORA-2024-1f11550e31
- FEDORA-2024-4812897dd1
- FEDORA-2024-528301bac2
- FEDORA-2024-937be154d8
- FEDORA-2024-c2f6576348
- FEDORA-2024-d0dccd6b96
- FREEBSD:8E6F684B-F333-11EE-A573-84A93843EB75
- RHSA-2024:1786
- RHSA-2024:1872
- RHSA-2024:2564
- RHSA-2024:4197
- RLSA-2024:2564
- SSA:2024-095-01
- SUSE-SU-2024:1627-1
- SUSE-SU-2024:1788-1
- SUSE-SU-2024:1868-1
- SUSE-SU-2024:1963-1
- USN-6729-1
- USN-6729-3
- VU:421644
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/apache2?distro=xenial | ubuntu | apache2 | < 2.4.18-2ubuntu3.17+esm12 | xenial | ||
Affected | pkg:deb/ubuntu/apache2?distro=bionic | ubuntu | apache2 | < 2.4.29-1ubuntu4.27+esm2 | bionic | ||
Affected | pkg:deb/ubuntu/apache2-utils?distro=xenial | ubuntu | apache2-utils | < 2.4.18-2ubuntu3.17+esm12 | xenial | ||
Affected | pkg:deb/ubuntu/apache2-utils?distro=bionic | ubuntu | apache2-utils | < 2.4.29-1ubuntu4.27+esm2 | bionic | ||
Affected | pkg:deb/ubuntu/apache2-suexec-pristine?distro=xenial | ubuntu | apache2-suexec-pristine | < 2.4.18-2ubuntu3.17+esm12 | xenial | ||
Affected | pkg:deb/ubuntu/apache2-suexec-pristine?distro=bionic | ubuntu | apache2-suexec-pristine | < 2.4.29-1ubuntu4.27+esm2 | bionic | ||
Affected | pkg:deb/ubuntu/apache2-suexec-custom?distro=xenial | ubuntu | apache2-suexec-custom | < 2.4.18-2ubuntu3.17+esm12 | xenial | ||
Affected | pkg:deb/ubuntu/apache2-suexec-custom?distro=bionic | ubuntu | apache2-suexec-custom | < 2.4.29-1ubuntu4.27+esm2 | bionic | ||
Affected | pkg:deb/ubuntu/apache2-ssl-dev?distro=bionic | ubuntu | apache2-ssl-dev | < 2.4.29-1ubuntu4.27+esm2 | bionic | ||
Affected | pkg:deb/ubuntu/apache2-doc?distro=xenial | ubuntu | apache2-doc | < 2.4.18-2ubuntu3.17+esm12 | xenial | ||
Affected | pkg:deb/ubuntu/apache2-doc?distro=bionic | ubuntu | apache2-doc | < 2.4.29-1ubuntu4.27+esm2 | bionic | ||
Affected | pkg:deb/ubuntu/apache2-dev?distro=xenial | ubuntu | apache2-dev | < 2.4.18-2ubuntu3.17+esm12 | xenial | ||
Affected | pkg:deb/ubuntu/apache2-dev?distro=bionic | ubuntu | apache2-dev | < 2.4.29-1ubuntu4.27+esm2 | bionic | ||
Affected | pkg:deb/ubuntu/apache2-data?distro=xenial | ubuntu | apache2-data | < 2.4.18-2ubuntu3.17+esm12 | xenial | ||
Affected | pkg:deb/ubuntu/apache2-data?distro=bionic | ubuntu | apache2-data | < 2.4.29-1ubuntu4.27+esm2 | bionic | ||
Affected | pkg:deb/ubuntu/apache2-bin?distro=xenial | ubuntu | apache2-bin | < 2.4.18-2ubuntu3.17+esm12 | xenial | ||
Affected | pkg:deb/ubuntu/apache2-bin?distro=bionic | ubuntu | apache2-bin | < 2.4.29-1ubuntu4.27+esm2 | bionic |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |