OESA-2024-2101
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2101
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2024-2101.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2024-2101
- Upstream
- Published
- 2024-09-06T11:09:03Z
- Modified
- 2025-09-03T06:20:23.279672Z
- Summary
- httpd security update
- Details
-
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server.
Security Fix(es):
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.(CVE-2024-38476)
- Database specific
{ "severity": "Critical" }- References
Affected packages
openEuler:20.03-LTS-SP4
httpd
Package
- Name
- httpd
- Purl
- pkg:rpm/openEuler/httpd&distro=openEuler-20.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.43-25.oe2003sp4
Ecosystem specific
{
"noarch": [
"httpd-filesystem-2.4.43-25.oe2003sp4.noarch.rpm",
"httpd-help-2.4.43-25.oe2003sp4.noarch.rpm"
],
"aarch64": [
"httpd-2.4.43-25.oe2003sp4.aarch64.rpm",
"httpd-debuginfo-2.4.43-25.oe2003sp4.aarch64.rpm",
"httpd-debugsource-2.4.43-25.oe2003sp4.aarch64.rpm",
"httpd-devel-2.4.43-25.oe2003sp4.aarch64.rpm",
"httpd-tools-2.4.43-25.oe2003sp4.aarch64.rpm",
"mod_ldap-2.4.43-25.oe2003sp4.aarch64.rpm",
"mod_md-2.4.43-25.oe2003sp4.aarch64.rpm",
"mod_proxy_html-2.4.43-25.oe2003sp4.aarch64.rpm",
"mod_session-2.4.43-25.oe2003sp4.aarch64.rpm",
"mod_ssl-2.4.43-25.oe2003sp4.aarch64.rpm"
],
"x86_64": [
"httpd-2.4.43-25.oe2003sp4.x86_64.rpm",
"httpd-debuginfo-2.4.43-25.oe2003sp4.x86_64.rpm",
"httpd-debugsource-2.4.43-25.oe2003sp4.x86_64.rpm",
"httpd-devel-2.4.43-25.oe2003sp4.x86_64.rpm",
"httpd-tools-2.4.43-25.oe2003sp4.x86_64.rpm",
"mod_ldap-2.4.43-25.oe2003sp4.x86_64.rpm",
"mod_md-2.4.43-25.oe2003sp4.x86_64.rpm",
"mod_proxy_html-2.4.43-25.oe2003sp4.x86_64.rpm",
"mod_session-2.4.43-25.oe2003sp4.x86_64.rpm",
"mod_ssl-2.4.43-25.oe2003sp4.x86_64.rpm"
],
"src": [
"httpd-2.4.43-25.oe2003sp4.src.rpm"
]
}openEuler:22.03-LTS-SP1
httpd
Package
- Name
- httpd
- Purl
- pkg:rpm/openEuler/httpd&distro=openEuler-22.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.51-22.oe2203sp1
Ecosystem specific
{
"noarch": [
"httpd-filesystem-2.4.51-22.oe2203sp1.noarch.rpm",
"httpd-help-2.4.51-22.oe2203sp1.noarch.rpm"
],
"aarch64": [
"httpd-2.4.51-22.oe2203sp1.aarch64.rpm",
"httpd-debuginfo-2.4.51-22.oe2203sp1.aarch64.rpm",
"httpd-debugsource-2.4.51-22.oe2203sp1.aarch64.rpm",
"httpd-devel-2.4.51-22.oe2203sp1.aarch64.rpm",
"httpd-tools-2.4.51-22.oe2203sp1.aarch64.rpm",
"mod_ldap-2.4.51-22.oe2203sp1.aarch64.rpm",
"mod_md-2.4.51-22.oe2203sp1.aarch64.rpm",
"mod_proxy_html-2.4.51-22.oe2203sp1.aarch64.rpm",
"mod_session-2.4.51-22.oe2203sp1.aarch64.rpm",
"mod_ssl-2.4.51-22.oe2203sp1.aarch64.rpm"
],
"x86_64": [
"httpd-2.4.51-22.oe2203sp1.x86_64.rpm",
"httpd-debuginfo-2.4.51-22.oe2203sp1.x86_64.rpm",
"httpd-debugsource-2.4.51-22.oe2203sp1.x86_64.rpm",
"httpd-devel-2.4.51-22.oe2203sp1.x86_64.rpm",
"httpd-tools-2.4.51-22.oe2203sp1.x86_64.rpm",
"mod_ldap-2.4.51-22.oe2203sp1.x86_64.rpm",
"mod_md-2.4.51-22.oe2203sp1.x86_64.rpm",
"mod_proxy_html-2.4.51-22.oe2203sp1.x86_64.rpm",
"mod_session-2.4.51-22.oe2203sp1.x86_64.rpm",
"mod_ssl-2.4.51-22.oe2203sp1.x86_64.rpm"
],
"src": [
"httpd-2.4.51-22.oe2203sp1.src.rpm"
]
}openEuler:22.03-LTS-SP3
httpd
Package
- Name
- httpd
- Purl
- pkg:rpm/openEuler/httpd&distro=openEuler-22.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.51-22.oe2203sp3
Ecosystem specific
{
"noarch": [
"httpd-filesystem-2.4.51-22.oe2203sp3.noarch.rpm",
"httpd-help-2.4.51-22.oe2203sp3.noarch.rpm"
],
"aarch64": [
"httpd-2.4.51-22.oe2203sp3.aarch64.rpm",
"httpd-debuginfo-2.4.51-22.oe2203sp3.aarch64.rpm",
"httpd-debugsource-2.4.51-22.oe2203sp3.aarch64.rpm",
"httpd-devel-2.4.51-22.oe2203sp3.aarch64.rpm",
"httpd-tools-2.4.51-22.oe2203sp3.aarch64.rpm",
"mod_ldap-2.4.51-22.oe2203sp3.aarch64.rpm",
"mod_md-2.4.51-22.oe2203sp3.aarch64.rpm",
"mod_proxy_html-2.4.51-22.oe2203sp3.aarch64.rpm",
"mod_session-2.4.51-22.oe2203sp3.aarch64.rpm",
"mod_ssl-2.4.51-22.oe2203sp3.aarch64.rpm"
],
"x86_64": [
"httpd-2.4.51-22.oe2203sp3.x86_64.rpm",
"httpd-debuginfo-2.4.51-22.oe2203sp3.x86_64.rpm",
"httpd-debugsource-2.4.51-22.oe2203sp3.x86_64.rpm",
"httpd-devel-2.4.51-22.oe2203sp3.x86_64.rpm",
"httpd-tools-2.4.51-22.oe2203sp3.x86_64.rpm",
"mod_ldap-2.4.51-22.oe2203sp3.x86_64.rpm",
"mod_md-2.4.51-22.oe2203sp3.x86_64.rpm",
"mod_proxy_html-2.4.51-22.oe2203sp3.x86_64.rpm",
"mod_session-2.4.51-22.oe2203sp3.x86_64.rpm",
"mod_ssl-2.4.51-22.oe2203sp3.x86_64.rpm"
],
"src": [
"httpd-2.4.51-22.oe2203sp3.src.rpm"
]
}openEuler:22.03-LTS-SP4
httpd
Package
- Name
- httpd
- Purl
- pkg:rpm/openEuler/httpd&distro=openEuler-22.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.51-22.oe2203sp4
Ecosystem specific
{
"noarch": [
"httpd-filesystem-2.4.51-22.oe2203sp4.noarch.rpm",
"httpd-help-2.4.51-22.oe2203sp4.noarch.rpm"
],
"aarch64": [
"httpd-2.4.51-22.oe2203sp4.aarch64.rpm",
"httpd-debuginfo-2.4.51-22.oe2203sp4.aarch64.rpm",
"httpd-debugsource-2.4.51-22.oe2203sp4.aarch64.rpm",
"httpd-devel-2.4.51-22.oe2203sp4.aarch64.rpm",
"httpd-tools-2.4.51-22.oe2203sp4.aarch64.rpm",
"mod_ldap-2.4.51-22.oe2203sp4.aarch64.rpm",
"mod_md-2.4.51-22.oe2203sp4.aarch64.rpm",
"mod_proxy_html-2.4.51-22.oe2203sp4.aarch64.rpm",
"mod_session-2.4.51-22.oe2203sp4.aarch64.rpm",
"mod_ssl-2.4.51-22.oe2203sp4.aarch64.rpm"
],
"x86_64": [
"httpd-2.4.51-22.oe2203sp4.x86_64.rpm",
"httpd-debuginfo-2.4.51-22.oe2203sp4.x86_64.rpm",
"httpd-debugsource-2.4.51-22.oe2203sp4.x86_64.rpm",
"httpd-devel-2.4.51-22.oe2203sp4.x86_64.rpm",
"httpd-tools-2.4.51-22.oe2203sp4.x86_64.rpm",
"mod_ldap-2.4.51-22.oe2203sp4.x86_64.rpm",
"mod_md-2.4.51-22.oe2203sp4.x86_64.rpm",
"mod_proxy_html-2.4.51-22.oe2203sp4.x86_64.rpm",
"mod_session-2.4.51-22.oe2203sp4.x86_64.rpm",
"mod_ssl-2.4.51-22.oe2203sp4.x86_64.rpm"
],
"src": [
"httpd-2.4.51-22.oe2203sp4.src.rpm"
]
}openEuler:24.03-LTS
httpd
Package
- Name
- httpd
- Purl
- pkg:rpm/openEuler/httpd&distro=openEuler-24.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.58-6.oe2403
Ecosystem specific
{
"noarch": [
"httpd-filesystem-2.4.58-6.oe2403.noarch.rpm",
"httpd-help-2.4.58-6.oe2403.noarch.rpm"
],
"aarch64": [
"httpd-2.4.58-6.oe2403.aarch64.rpm",
"httpd-debuginfo-2.4.58-6.oe2403.aarch64.rpm",
"httpd-debugsource-2.4.58-6.oe2403.aarch64.rpm",
"httpd-devel-2.4.58-6.oe2403.aarch64.rpm",
"httpd-tools-2.4.58-6.oe2403.aarch64.rpm",
"mod_ldap-2.4.58-6.oe2403.aarch64.rpm",
"mod_md-2.4.58-6.oe2403.aarch64.rpm",
"mod_proxy_html-2.4.58-6.oe2403.aarch64.rpm",
"mod_session-2.4.58-6.oe2403.aarch64.rpm",
"mod_ssl-2.4.58-6.oe2403.aarch64.rpm"
],
"x86_64": [
"httpd-2.4.58-6.oe2403.x86_64.rpm",
"httpd-debuginfo-2.4.58-6.oe2403.x86_64.rpm",
"httpd-debugsource-2.4.58-6.oe2403.x86_64.rpm",
"httpd-devel-2.4.58-6.oe2403.x86_64.rpm",
"httpd-tools-2.4.58-6.oe2403.x86_64.rpm",
"mod_ldap-2.4.58-6.oe2403.x86_64.rpm",
"mod_md-2.4.58-6.oe2403.x86_64.rpm",
"mod_proxy_html-2.4.58-6.oe2403.x86_64.rpm",
"mod_session-2.4.58-6.oe2403.x86_64.rpm",
"mod_ssl-2.4.58-6.oe2403.x86_64.rpm"
],
"src": [
"httpd-2.4.58-6.oe2403.src.rpm"
]
}