{"id":"RHSA-2023:7625","summary":"Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP2 security update","modified":"2026-04-02T10:05:48Z","published":"2024-09-13T21:19:05Z","upstream":["CVE-2023-0464","CVE-2023-0465","CVE-2023-0466","CVE-2023-2650","CVE-2023-3446","CVE-2023-38039","CVE-2023-3817","CVE-2023-38545","CVE-2023-38546","CVE-2023-41081","CVE-2023-45802"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2023:7625"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#important"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2181082"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2182561"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2182565"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2207947"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2224962"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2227852"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2238847"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2239135"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241933"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241938"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243877"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7625.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-0464"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-0464"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0464"},{"type":"ARTICLE","url":"https://www.openssl.org/news/secadv/20230322.txt"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-0465"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-0465"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0465"},{"type":"ARTICLE","url":"https://www.openssl.org/news/secadv/20230328.txt"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-0466"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-0466"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0466"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-2650"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-2650"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2650"},{"type":"ARTICLE","url":"https://www.openssl.org/news/secadv/20230530.txt"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-3446"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-3446"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3446"},{"type":"ARTICLE","url":"https://www.openssl.org/news/secadv/20230719.txt"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-3817"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-3817"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3817"},{"type":"ARTICLE","url":"https://www.openssl.org/news/secadv/20230731.txt"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-38039"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-38039"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38039"},{"type":"ARTICLE","url":"https://curl.se/docs/CVE-2023-38039.html"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-38545"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-38545"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38545"},{"type":"ARTICLE","url":"https://curl.se/docs/CVE-2023-38545.html"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-38546"},{"type":"ARTICLE","url":"https://access.redhat.com/errata/RHSA-2024:2101"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-38546"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38546"},{"type":"ARTICLE","url":"https://curl.se/docs/CVE-2023-38546.html"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-41081"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-41081"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41081"},{"type":"ARTICLE","url":"https://lists.apache.org/thread/rd1r26w7271jyqgzr4492tooyt583d8b"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-45802"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-45802"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45802"},{"type":"ARTICLE","url":"https://httpd.apache.org/security/vulnerabilities_24.html"}],"affected":[{"package":{"name":"jbcs-httpd24-openssl","ecosystem":"Red Hat:jboss_core_services:1::el7","purl":"pkg:rpm/redhat/jbcs-httpd24-openssl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.1.1k-16.el7jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-openssl-debuginfo","ecosystem":"Red Hat:jboss_core_services:1::el7","purl":"pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.1.1k-16.el7jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-openssl-devel","ecosystem":"Red Hat:jboss_core_services:1::el7","purl":"pkg:rpm/redhat/jbcs-httpd24-openssl-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.1.1k-16.el7jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-openssl-libs","ecosystem":"Red Hat:jboss_core_services:1::el7","purl":"pkg:rpm/redhat/jbcs-httpd24-openssl-libs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.1.1k-16.el7jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-openssl-perl","ecosystem":"Red Hat:jboss_core_services:1::el7","purl":"pkg:rpm/redhat/jbcs-httpd24-openssl-perl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.1.1k-16.el7jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-openssl-static","ecosystem":"Red Hat:jboss_core_services:1::el7","purl":"pkg:rpm/redhat/jbcs-httpd24-openssl-static"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.1.1k-16.el7jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-openssl","ecosystem":"Red Hat:jboss_core_services:1::el8","purl":"pkg:rpm/redhat/jbcs-httpd24-openssl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.1.1k-16.el8jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-openssl-debuginfo","ecosystem":"Red Hat:jboss_core_services:1::el8","purl":"pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.1.1k-16.el8jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-openssl-devel","ecosystem":"Red Hat:jboss_core_services:1::el8","purl":"pkg:rpm/redhat/jbcs-httpd24-openssl-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.1.1k-16.el8jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-openssl-libs","ecosystem":"Red Hat:jboss_core_services:1::el8","purl":"pkg:rpm/redhat/jbcs-httpd24-openssl-libs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.1.1k-16.el8jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-openssl-libs-debuginfo","ecosystem":"Red Hat:jboss_core_services:1::el8","purl":"pkg:rpm/redhat/jbcs-httpd24-openssl-libs-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.1.1k-16.el8jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-openssl-perl","ecosystem":"Red Hat:jboss_core_services:1::el8","purl":"pkg:rpm/redhat/jbcs-httpd24-openssl-perl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.1.1k-16.el8jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-openssl-static","ecosystem":"Red Hat:jboss_core_services:1::el8","purl":"pkg:rpm/redhat/jbcs-httpd24-openssl-static"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.1.1k-16.el8jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-curl","ecosystem":"Red Hat:jboss_core_services:1::el7","purl":"pkg:rpm/redhat/jbcs-httpd24-curl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.4.0-2.el7jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-curl-debuginfo","ecosystem":"Red Hat:jboss_core_services:1::el7","purl":"pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.4.0-2.el7jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-libcurl","ecosystem":"Red Hat:jboss_core_services:1::el7","purl":"pkg:rpm/redhat/jbcs-httpd24-libcurl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.4.0-2.el7jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-libcurl-devel","ecosystem":"Red Hat:jboss_core_services:1::el7","purl":"pkg:rpm/redhat/jbcs-httpd24-libcurl-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.4.0-2.el7jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-curl","ecosystem":"Red Hat:jboss_core_services:1::el8","purl":"pkg:rpm/redhat/jbcs-httpd24-curl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.4.0-2.el8jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-curl-debuginfo","ecosystem":"Red Hat:jboss_core_services:1::el8","purl":"pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.4.0-2.el8jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-libcurl","ecosystem":"Red Hat:jboss_core_services:1::el8","purl":"pkg:rpm/redhat/jbcs-httpd24-libcurl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.4.0-2.el8jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-libcurl-debuginfo","ecosystem":"Red Hat:jboss_core_services:1::el8","purl":"pkg:rpm/redhat/jbcs-httpd24-libcurl-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.4.0-2.el8jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-libcurl-devel","ecosystem":"Red Hat:jboss_core_services:1::el8","purl":"pkg:rpm/redhat/jbcs-httpd24-libcurl-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.4.0-2.el8jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-mod_jk","ecosystem":"Red Hat:jboss_core_services:1::el7","purl":"pkg:rpm/redhat/jbcs-httpd24-mod_jk"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.49-1.redhat_1.el7jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-mod_jk-ap24","ecosystem":"Red Hat:jboss_core_services:1::el7","purl":"pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.49-1.redhat_1.el7jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-mod_jk-debuginfo","ecosystem":"Red Hat:jboss_core_services:1::el7","purl":"pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.49-1.redhat_1.el7jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-mod_jk","ecosystem":"Red Hat:jboss_core_services:1::el8","purl":"pkg:rpm/redhat/jbcs-httpd24-mod_jk"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.49-1.redhat_1.el8jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-mod_jk-ap24","ecosystem":"Red Hat:jboss_core_services:1::el8","purl":"pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.49-1.redhat_1.el8jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-mod_jk-ap24-debuginfo","ecosystem":"Red Hat:jboss_core_services:1::el8","purl":"pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.49-1.redhat_1.el8jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-mod_http2","ecosystem":"Red Hat:jboss_core_services:1::el7","purl":"pkg:rpm/redhat/jbcs-httpd24-mod_http2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.15.19-32.el7jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-mod_http2-debuginfo","ecosystem":"Red Hat:jboss_core_services:1::el7","purl":"pkg:rpm/redhat/jbcs-httpd24-mod_http2-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.15.19-32.el7jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-mod_http2","ecosystem":"Red Hat:jboss_core_services:1::el8","purl":"pkg:rpm/redhat/jbcs-httpd24-mod_http2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.15.19-32.el8jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}},{"package":{"name":"jbcs-httpd24-mod_http2-debuginfo","ecosystem":"Red Hat:jboss_core_services:1::el8","purl":"pkg:rpm/redhat/jbcs-httpd24-mod_http2-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.15.19-32.el8jbcs"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2023:7625.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}