Red-hat apache httpd vulnerabilities

Latest response

our cyber security team have asked us to address the Apache HTTPD vulnerabilities in the below CVE

CVE-2020-11984, CVE-2020-11993 and CVE-2020-9490

The below are the versions that we use and the OS
[root@DCHQANAPP02 apache]# /apache/jbcs-httpd24-2.4/httpd/sbin/apachectl -version
Server version: Apache/2.4.29 (Red Hat)
Server built: May 31 2018 09:30:48
[root@DCHQANAPP02 apache]# /apache/jbcs-httpd24-2.4/httpd/sbin/apachectl -V
Server version: Apache/2.4.29 (Red Hat)
Server built: May 31 2018 09:30:48
Server's Module Magic Number: 20120211:68
Server loaded: APR 1.6.3, APR-UTIL 1.6.1
Compiled using: APR 1.6.3, APR-UTIL 1.6.1
Architecture: 64-bit
Red Hat Enterprise Linux Server release 7.6 (Maipo)

And,
Server version: Apache/2.4.37 (Red Hat) (Release 33.jbcs.el7-GA)
Server built: Oct 11 2019 08:34:45
[root@dchqhrm04 sbin]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.7 (Maipo)

Responses

Notice the statement: Red Hat Enterprise Linux 5, 6, and 7 do not ship the vulnerable version of httpd and, thus, are not affected. https://access.redhat.com/security/cve/cve-2020-11993

My Concerns. Will there be a solution for RHEL8? Also my cyber security team have asked us to address the Apache HTTPD for RHEL8

Yup I noticed it but also it was mentioned Red Hat Software Collections --> httpd24.4, and when I checked the versions of apache we are using is jbcs-httpd24-2.4. So I believe that is related to the Red Hat software collection. Am I correct? I am pretty new to this.

Mohamed, I do not think that jbcs-httpd24-2.4 is part of Red Hat Software Collections. I believe its a special type service you need to download from RedHat.

See this link below.

https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/html/apache_http_server_installation_guide/installing_jboss_core_services_apache_http_server_on_red_hat_enterprise_linux