[USN-6729-3] Apache HTTP Server vulnerabilities
Several security issues were fixed in Apache HTTP Server.
USN-6729-1 fixed vulnerabilities in Apache HTTP Server. This update
provides the corresponding updates for Ubuntu 24.04 LTS.
Original advisory details:
Orange Tsai discovered that the Apache HTTP Server incorrectly handled
validating certain input. A remote attacker could possibly use this
issue to perform HTTP request splitting attacks. (CVE-2023-38709)
Keran Mu and Jianjun Chen discovered that the Apache HTTP Server
incorrectly handled validating certain input. A remote attacker could
possibly use this issue to perform HTTP request splitting attacks.
(CVE-2024-24795)
Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module
incorrectly handled endless continuation frames. A remote attacker could
possibly use this issue to cause the server to consume resources, leading
to a denial of service. (CVE-2024-27316)
Package | Affected Version |
---|---|
pkg:deb/ubuntu/libapache2-mod-proxy-uwsgi?distro=noble | < 2.4.58-1ubuntu8.1 |
pkg:deb/ubuntu/libapache2-mod-md?distro=noble | < 2.4.58-1ubuntu8.1 |
pkg:deb/ubuntu/apache2?distro=noble | < 2.4.58-1ubuntu8.1 |
pkg:deb/ubuntu/apache2-utils?distro=noble | < 2.4.58-1ubuntu8.1 |
pkg:deb/ubuntu/apache2-suexec-pristine?distro=noble | < 2.4.58-1ubuntu8.1 |
pkg:deb/ubuntu/apache2-suexec-custom?distro=noble | < 2.4.58-1ubuntu8.1 |
pkg:deb/ubuntu/apache2-ssl-dev?distro=noble | < 2.4.58-1ubuntu8.1 |
pkg:deb/ubuntu/apache2-doc?distro=noble | < 2.4.58-1ubuntu8.1 |
pkg:deb/ubuntu/apache2-dev?distro=noble | < 2.4.58-1ubuntu8.1 |
pkg:deb/ubuntu/apache2-data?distro=noble | < 2.4.58-1ubuntu8.1 |
pkg:deb/ubuntu/apache2-bin?distro=noble | < 2.4.58-1ubuntu8.1 |
- ID
- USN-6729-3
- Severity
- high
- Severity from
- CVE-2024-27316
- URL
- https://ubuntu.com/security/notices/USN-6729-3
- Published
-
2024-04-29T11:31:21
(4 months ago) - Modified
-
2024-04-29T11:31:21
(4 months ago) - Other Advisories
-
- ALAS-2024-1931
- ALAS2-2024-2524
- ALAS2-2024-2532
- ALPINE:CVE-2023-38709
- ALPINE:CVE-2024-24795
- ALPINE:CVE-2024-27316
- ALSA-2024:1786
- ALSA-2024:1872
- ALSA-2024:2564
- ALSA-2024:4197
- DSA-5662-1
- ELSA-2024-1786
- ELSA-2024-1872
- ELSA-2024-2564
- ELSA-2024-4197
- FEDORA-2024-1f11550e31
- FEDORA-2024-4812897dd1
- FEDORA-2024-528301bac2
- FEDORA-2024-937be154d8
- FEDORA-2024-c2f6576348
- FEDORA-2024-d0dccd6b96
- FREEBSD:8E6F684B-F333-11EE-A573-84A93843EB75
- RHSA-2024:1786
- RHSA-2024:1872
- RHSA-2024:2564
- RHSA-2024:4197
- RLSA-2024:2564
- SSA:2024-095-01
- SUSE-SU-2024:1627-1
- SUSE-SU-2024:1788-1
- SUSE-SU-2024:1868-1
- SUSE-SU-2024:1963-1
- USN-6729-1
- USN-6729-2
- VU:421644
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/libapache2-mod-proxy-uwsgi?distro=noble | ubuntu | libapache2-mod-proxy-uwsgi | < 2.4.58-1ubuntu8.1 | noble | ||
Affected | pkg:deb/ubuntu/libapache2-mod-md?distro=noble | ubuntu | libapache2-mod-md | < 2.4.58-1ubuntu8.1 | noble | ||
Affected | pkg:deb/ubuntu/apache2?distro=noble | ubuntu | apache2 | < 2.4.58-1ubuntu8.1 | noble | ||
Affected | pkg:deb/ubuntu/apache2-utils?distro=noble | ubuntu | apache2-utils | < 2.4.58-1ubuntu8.1 | noble | ||
Affected | pkg:deb/ubuntu/apache2-suexec-pristine?distro=noble | ubuntu | apache2-suexec-pristine | < 2.4.58-1ubuntu8.1 | noble | ||
Affected | pkg:deb/ubuntu/apache2-suexec-custom?distro=noble | ubuntu | apache2-suexec-custom | < 2.4.58-1ubuntu8.1 | noble | ||
Affected | pkg:deb/ubuntu/apache2-ssl-dev?distro=noble | ubuntu | apache2-ssl-dev | < 2.4.58-1ubuntu8.1 | noble | ||
Affected | pkg:deb/ubuntu/apache2-doc?distro=noble | ubuntu | apache2-doc | < 2.4.58-1ubuntu8.1 | noble | ||
Affected | pkg:deb/ubuntu/apache2-dev?distro=noble | ubuntu | apache2-dev | < 2.4.58-1ubuntu8.1 | noble | ||
Affected | pkg:deb/ubuntu/apache2-data?distro=noble | ubuntu | apache2-data | < 2.4.58-1ubuntu8.1 | noble | ||
Affected | pkg:deb/ubuntu/apache2-bin?distro=noble | ubuntu | apache2-bin | < 2.4.58-1ubuntu8.1 | noble |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |