CVE-2021-22890

Related Files

Red Hat Security Advisory 2021-2472-01

Posted Jun 17, 2021

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2472-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Issues addressed include null pointer and use-after-free vulnerabilities.

tags | advisory, web, vulnerability

systems | linux, redhat

advisories | CVE-2020-8169, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22890, CVE-2021-22901, CVE-2021-31618

SHA-256 | 19735da2179172dfd4dafbdef97ffa2abdb672d9b8f5865fe7fd9e743f621ed9

Download | Favorite | View

Red Hat Security Advisory 2021-2471-01

Posted Jun 17, 2021

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2471-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Issues addressed include null pointer and use-after-free vulnerabilities.

tags | advisory, web, vulnerability

systems | linux, redhat

advisories | CVE-2020-8169, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22890, CVE-2021-22901, CVE-2021-31618

SHA-256 | c503b0c9787ff152a79b6411488dd21ecce7fa317d626248d8da273122c8eb96

Download | Favorite | View

Gentoo Linux Security Advisory 202105-36

Posted May 26, 2021

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-36 - Multiple vulnerabilities have been found in cURL, the worst of which could result in the arbitrary execution of code. Versions less than 7.77.0 are affected.

tags | advisory, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2021-22876, CVE-2021-22890, CVE-2021-22898, CVE-2021-22901

SHA-256 | 27d653e9c404fce8a51dc5b8eb56846b8d6b8bc2c806dad855056460e4cd9d0d

Download | Favorite | View

Ubuntu Security Notice USN-4898-1

Posted Mar 31, 2021

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4898-1 - Viktor Szakats discovered that curl did not strip off user credentials from referrer header fields. A remote attacker could possibly use this issue to obtain sensitive information. Mingtao Yang discovered that curl incorrectly handled session tickets when using an HTTPS proxy. A remote attacker in control of an HTTPS proxy could use this issue to bypass certificate checks and intercept communications. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. Various other issues were also addressed.

tags | advisory, remote, web

systems | linux, ubuntu

advisories | CVE-2021-22876, CVE-2021-22890

SHA-256 | 22173ed9e34384a637f436fbee924cd1e6f822bde6b4c5d87b6d0061740ea569

Download | Favorite | View

Debian Security Advisory 4881-1

Posted Mar 28, 2021

Authored by Debian | Site debian.org

Debian Linux Security Advisory 4881-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.

tags | advisory, vulnerability

systems | linux, debian

advisories | CVE-2020-8169, CVE-2020-8177, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22890

SHA-256 | bc9e30e2495c14523abe0253c23adf2b8510b307a08eb0748a5275eab7b6de70

Download | Favorite | View