Oracle Linux: CVE-2024-38477: ELSA-2024-4726: httpd security update (IMPORTANT) (Multiple Advisories)

Oracle Linux: CVE-2024-38477: ELSA-2024-4726:httpd security update (IMPORTANT) (Multiple Advisories)

Severity

8

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

07/01/2024

Created

08/20/2024

Added

08/16/2024

Modified

01/08/2025

Description

null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue. A flaw was found in the mod_proxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service.

Solution(s)

• oracle-linux-upgrade-httpd
• oracle-linux-upgrade-httpd-core
• oracle-linux-upgrade-httpd-devel
• oracle-linux-upgrade-httpd-filesystem
• oracle-linux-upgrade-httpd-manual
• oracle-linux-upgrade-httpd-tools
• oracle-linux-upgrade-mod-http2
• oracle-linux-upgrade-mod-ldap
• oracle-linux-upgrade-mod-lua
• oracle-linux-upgrade-mod-md
• oracle-linux-upgrade-mod-proxy-html
• oracle-linux-upgrade-mod-session
• oracle-linux-upgrade-mod-ssl

References

• https://attackerkb.com/topics/cve-2024-38477
• CVE - 2024-38477
• ELSA-2024-4726
• ELSA-2024-4943
• ELSA-2024-4720