httpd-2.4.6-99.1.0.9.el7.AXS7

エラータID: AXSA:2025-10586:06

Release date: 
Friday, July 25, 2025 - 11:42
Subject: 
httpd-2.4.6-99.1.0.9.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The Apache HTTP Server is a powerful, efficient, and extensible
web server.

Security Fix(es):

* CVE-2014-8109: mod_lua: fix LuaAuthzProvider argument handling issue
* CVE-2019-10092: mod_proxy: fix limited cross-site scripting in mod_proxy error
page

CVE(s):
CVE-2019-10092
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
CVE-2014-8109
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.

Solution: 

Update packages.

CVEs: 
CVE-2014-8109
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.
CVE-2019-10092
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
Additional Info: 

N/A

Download: 

Asianux Server 7 for x86_64
  1. httpd-2.4.6-99.1.0.9.el7.AXS7.x86_64.rpm
    MD5: 7ca61d22c3f8f6831df51afc53a5cdbd
    SHA-256: 42eddbaeddcbab2ae9c3e42dae15886cf0148137f9064e85cdc5278800e7bf7f
    Size: 1.20 MB
  2. httpd-devel-2.4.6-99.1.0.9.el7.AXS7.x86_64.rpm
    MD5: a41749482b928b074e7b3eb4b7175557
    SHA-256: 53fcbf9ef85cbd6aa2964ecbcffd6cd1d85e879681c9aa86266054e5a7ba0360
    Size: 202.61 kB
  3. httpd-manual-2.4.6-99.1.0.9.el7.AXS7.noarch.rpm
    MD5: b668ed98fc2dc4b98b27f7fd3250831f
    SHA-256: d293b2198d2d4497c0a3cf2d5b3e9595a87e486d02283eaa6c91e3247b161d5e
    Size: 1.35 MB
  4. httpd-tools-2.4.6-99.1.0.9.el7.AXS7.x86_64.rpm
    MD5: 1d7dc8cd30f1188452962722486445f3
    SHA-256: 4199a93b593bcb3c2e8c4f0e014edc0072f6e03ad2d345706f110c57f522772d
    Size: 95.56 kB
  5. mod_session-2.4.6-99.1.0.9.el7.AXS7.x86_64.rpm
    MD5: dd5e5e4c97f1d8b574d2e7f615d34be3
    SHA-256: d3ac229b51fc3821ae12b144236141813180f5ae7bcc041d08ee74c4eb2077fc
    Size: 65.63 kB
  6. mod_ssl-2.4.6-99.1.0.9.el7.AXS7.x86_64.rpm
    MD5: caae9b68dc118d259cae8ea26dd460cf
    SHA-256: f526c6b91e9a44d92d98c9167f0e24756f6aea0f6789861db2f8d6cb22a6acca
    Size: 116.73 kB