CESA-2020:3958 -- centos 7 httpdID: oval:org.secpod.oval:def:205642 | Date: (C)2020-10-28 (M)2024-01-29 |
Class: PATCH | Family: unix |
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications * httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS * httpd: mod_rewrite configurations vulnerable to open redirect * httpd: <FilesMatch> bypass with a trailing newline in the file name * httpd: mod_rewrite potential open redirect * httpd: mod_proxy_ftp use of uninitialized value For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.