[USN-6729-2] Apache HTTP Server vulnerabilities
Several security issues were fixed in Apache HTTP Server.
USN-6729-1 fixed several vulnerabilities in Apache. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
Orange Tsai discovered that the Apache HTTP Server incorrectly handled
validating certain input. A remote attacker could possibly use this
issue to perform HTTP request splitting attacks. (CVE-2023-38709)
Keran Mu and Jianjun Chen discovered that the Apache HTTP Server
incorrectly handled validating certain input. A remote attacker could
possibly use this issue to perform HTTP request splitting attacks.
(CVE-2024-24795)
Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module
incorrectly handled endless continuation frames. A remote attacker could
possibly use this issue to cause the server to consume resources, leading
to a denial of service. This issue was addressed only in Ubuntu 18.04 LTS.
(CVE-2024-27316)
- ID
- USN-6729-2
- Severity
- high
- Severity from
- CVE-2024-27316
- URL
- https://ubuntu.com/security/notices/USN-6729-2
- Published
-
2024-04-17T15:26:47
(5 months ago) - Modified
-
2024-04-17T15:26:47
(5 months ago) - Other Advisories
-
-
ALAS-2024-1931
-
ALAS2-2024-2524
-
ALAS2-2024-2532
-
ALPINE:CVE-2023-38709
-
ALPINE:CVE-2024-24795
-
ALPINE:CVE-2024-27316
-
ALSA-2024:1786
-
ALSA-2024:1872
-
ALSA-2024:2564
-
ALSA-2024:4197
-
DSA-5662-1
-
ELSA-2024-1786
-
ELSA-2024-1872
-
ELSA-2024-2564
-
ELSA-2024-4197
-
FEDORA-2024-1f11550e31
-
FEDORA-2024-4812897dd1
-
FEDORA-2024-528301bac2
-
FEDORA-2024-937be154d8
-
FEDORA-2024-c2f6576348
-
FEDORA-2024-d0dccd6b96
-
FREEBSD:8E6F684B-F333-11EE-A573-84A93843EB75
-
RHSA-2024:1786
-
RHSA-2024:1872
-
RHSA-2024:2564
-
RHSA-2024:4197
-
RLSA-2024:2564
-
SSA:2024-095-01
-
SUSE-SU-2024:1627-1
-
SUSE-SU-2024:1788-1
-
SUSE-SU-2024:1868-1
-
SUSE-SU-2024:1963-1
-
USN-6729-1
-
USN-6729-3
-
VU:421644
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:deb/ubuntu/apache2?distro=xenial | ubuntu |
 apache2
|
< 2.4.18-2ubuntu3.17+esm12 | xenial | ||
| Affected | pkg:deb/ubuntu/apache2?distro=bionic | ubuntu |
apache2
|
< 2.4.29-1ubuntu4.27+esm2 | bionic | ||
| Affected | pkg:deb/ubuntu/apache2-utils?distro=xenial | ubuntu |
apache2-utils
|
< 2.4.18-2ubuntu3.17+esm12 | xenial | ||
| Affected | pkg:deb/ubuntu/apache2-utils?distro=bionic | ubuntu |
apache2-utils
|
< 2.4.29-1ubuntu4.27+esm2 | bionic | ||
| Affected | pkg:deb/ubuntu/apache2-suexec-pristine?distro=xenial | ubuntu |
apache2-suexec-pristine
|
< 2.4.18-2ubuntu3.17+esm12 | xenial | ||
| Affected | pkg:deb/ubuntu/apache2-suexec-pristine?distro=bionic | ubuntu |
apache2-suexec-pristine
|
< 2.4.29-1ubuntu4.27+esm2 | bionic | ||
| Affected | pkg:deb/ubuntu/apache2-suexec-custom?distro=xenial | ubuntu |
apache2-suexec-custom
|
< 2.4.18-2ubuntu3.17+esm12 | xenial | ||
| Affected | pkg:deb/ubuntu/apache2-suexec-custom?distro=bionic | ubuntu |
apache2-suexec-custom
|
< 2.4.29-1ubuntu4.27+esm2 | bionic | ||
| Affected | pkg:deb/ubuntu/apache2-ssl-dev?distro=bionic | ubuntu |
apache2-ssl-dev
|
< 2.4.29-1ubuntu4.27+esm2 | bionic | ||
| Affected | pkg:deb/ubuntu/apache2-doc?distro=xenial | ubuntu |
apache2-doc
|
< 2.4.18-2ubuntu3.17+esm12 | xenial | ||
| Affected | pkg:deb/ubuntu/apache2-doc?distro=bionic | ubuntu |
apache2-doc
|
< 2.4.29-1ubuntu4.27+esm2 | bionic | ||
| Affected | pkg:deb/ubuntu/apache2-dev?distro=xenial | ubuntu |
apache2-dev
|
< 2.4.18-2ubuntu3.17+esm12 | xenial | ||
| Affected | pkg:deb/ubuntu/apache2-dev?distro=bionic | ubuntu |
apache2-dev
|
< 2.4.29-1ubuntu4.27+esm2 | bionic | ||
| Affected | pkg:deb/ubuntu/apache2-data?distro=xenial | ubuntu |
apache2-data
|
< 2.4.18-2ubuntu3.17+esm12 | xenial | ||
| Affected | pkg:deb/ubuntu/apache2-data?distro=bionic | ubuntu |
apache2-data
|
< 2.4.29-1ubuntu4.27+esm2 | bionic | ||
| Affected | pkg:deb/ubuntu/apache2-bin?distro=xenial | ubuntu |
apache2-bin
|
< 2.4.18-2ubuntu3.17+esm12 | xenial | ||
| Affected | pkg:deb/ubuntu/apache2-bin?distro=bionic | ubuntu |
apache2-bin
|
< 2.4.29-1ubuntu4.27+esm2 | bionic |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |