Red Hat Product Errata RHSA-2021:3754 - Security Advisory

Issued: 2021-10-11
Updated: 2021-10-11

Synopsis

Important: httpd24-httpd security update

Type/Severity

Security Advisory: Important

Topic

An update for httpd24-httpd is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

  • httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" (CVE-2021-40438)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

Affected Products

  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
  • Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
  • Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64

Fixes

  • BZ - 2005117 - CVE-2021-40438 httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:"

CVEs

  • CVE-2021-40438

References

  • https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7

SRPM
httpd24-httpd-2.4.34-22.el7.1.src.rpm SHA-256: 1e5e16f731871ec72f78f0af6a821a38ce6c8791731fd2b16501e5ffa1ddba77
x86_64
httpd24-httpd-2.4.34-22.el7.1.x86_64.rpm SHA-256: 1ad38abceedb0177c533badbdd9e041da09cf462dd17e29e5e19eaea9f44ae03
httpd24-httpd-debuginfo-2.4.34-22.el7.1.x86_64.rpm SHA-256: fa0ae2ee0ef082b9bf58f60928a08a1707375737b9688a0f877c4f828bdd36a5
httpd24-httpd-devel-2.4.34-22.el7.1.x86_64.rpm SHA-256: ee3bb2b97d472257588226a09bfb22bf7ce25e1c0b21c476ac4b8d314581ae72
httpd24-httpd-manual-2.4.34-22.el7.1.noarch.rpm SHA-256: bf3a34f71e1c98a303661bec269457251ae7674fe0bcf3b18199bc4086db32b5
httpd24-httpd-tools-2.4.34-22.el7.1.x86_64.rpm SHA-256: d845782371045b500745eccfdc8881b41eadebc7d4281638558551713a982f04
httpd24-mod_ldap-2.4.34-22.el7.1.x86_64.rpm SHA-256: 88271bb491eadb1765202fee05ba8022d1500dca2db3f77a0dae6e2e89bec2cf
httpd24-mod_proxy_html-2.4.34-22.el7.1.x86_64.rpm SHA-256: 3c62f9abe9fb68188181490741eeafbb8ea6df9373dfe897b95174477fe5b8b0
httpd24-mod_session-2.4.34-22.el7.1.x86_64.rpm SHA-256: 26f9c3ca9fe38f3b7f8201744d7adaeac4ec8cc7860bc158813c12196edbe39c
httpd24-mod_ssl-2.4.34-22.el7.1.x86_64.rpm SHA-256: 2f332d14fba97e19036a9792387f29bed9d08a9744e60c7a985a25583647498d

Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7

SRPM
httpd24-httpd-2.4.34-22.el7.1.src.rpm SHA-256: 1e5e16f731871ec72f78f0af6a821a38ce6c8791731fd2b16501e5ffa1ddba77
s390x
httpd24-httpd-2.4.34-22.el7.1.s390x.rpm SHA-256: 26e5548edfe37de0fffbebe781be9b54a0c1dfe88f63c70140965bb164cc3fcd
httpd24-httpd-debuginfo-2.4.34-22.el7.1.s390x.rpm SHA-256: 62f0fd1c87d097fe1ef00aac977b4abd1539a4028468be6d1ad56dc9a669f1d8
httpd24-httpd-devel-2.4.34-22.el7.1.s390x.rpm SHA-256: 99aae904d8af343c8da83ab1dcf6683312bd7a1ddfbd9b9d7a6cf0c5fc958106
httpd24-httpd-manual-2.4.34-22.el7.1.noarch.rpm SHA-256: bf3a34f71e1c98a303661bec269457251ae7674fe0bcf3b18199bc4086db32b5
httpd24-httpd-tools-2.4.34-22.el7.1.s390x.rpm SHA-256: 87a020bbfbc27cb70879482b1d8c80b667ebea6d6318ad132fb85cc8050e6e56
httpd24-mod_ldap-2.4.34-22.el7.1.s390x.rpm SHA-256: 0f2376aabbce6729a43b96540f2c9b35384f742ff8d67797f68a995e0c5b202c
httpd24-mod_proxy_html-2.4.34-22.el7.1.s390x.rpm SHA-256: d37bb53151c6661eee753b23227b1c6921c995ab1a7a5e74338e9ce29c445ebb
httpd24-mod_session-2.4.34-22.el7.1.s390x.rpm SHA-256: f8a6cf3f2f3bf5121b55df80806560e24610a94e81e8fc83f5abb7d1edd26294
httpd24-mod_ssl-2.4.34-22.el7.1.s390x.rpm SHA-256: 13139559c69d75be86e90abe6816a362c4e331d16fd984e556d9a60c768c462e

Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7

SRPM
httpd24-httpd-2.4.34-22.el7.1.src.rpm SHA-256: 1e5e16f731871ec72f78f0af6a821a38ce6c8791731fd2b16501e5ffa1ddba77
ppc64le
httpd24-httpd-2.4.34-22.el7.1.ppc64le.rpm SHA-256: 6a04928474dc1a8e533e500c4093e07944c955ef384041ec5374b0bab5d986da
httpd24-httpd-debuginfo-2.4.34-22.el7.1.ppc64le.rpm SHA-256: acef1a27706c8366af40d0b971891aaa6560ed09b9a84f4cd97d80ab9da4f5b4
httpd24-httpd-devel-2.4.34-22.el7.1.ppc64le.rpm SHA-256: a619497a8780719f4dc559984485089abba05391678ec7258e2ff1d851ba028a
httpd24-httpd-manual-2.4.34-22.el7.1.noarch.rpm SHA-256: bf3a34f71e1c98a303661bec269457251ae7674fe0bcf3b18199bc4086db32b5
httpd24-httpd-tools-2.4.34-22.el7.1.ppc64le.rpm SHA-256: 3929b9301e8c0d02e4e9c9b9a27a53154b8bd8852f206a12e82aace2b74f2dec
httpd24-mod_ldap-2.4.34-22.el7.1.ppc64le.rpm SHA-256: 8a63c61972c837e921c934aab18285aeb669554b0ad3b5bcd6bfb99d56cb46d9
httpd24-mod_proxy_html-2.4.34-22.el7.1.ppc64le.rpm SHA-256: f6d119188d697bd2c9e028b27468cd54a9a20eb48d9c66fadd1bdb24d2dea602
httpd24-mod_session-2.4.34-22.el7.1.ppc64le.rpm SHA-256: 874f3943b7dad113c00e413e9ba3037421abdfa2bb1faab9f54160045a3e25a8
httpd24-mod_ssl-2.4.34-22.el7.1.ppc64le.rpm SHA-256: c35e0ea9a8a7d100f5eaedf3dea43d995f71b1ff8fdb405f267a72bc978dbb31

Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7

SRPM
httpd24-httpd-2.4.34-22.el7.1.src.rpm SHA-256: 1e5e16f731871ec72f78f0af6a821a38ce6c8791731fd2b16501e5ffa1ddba77
x86_64
httpd24-httpd-2.4.34-22.el7.1.x86_64.rpm SHA-256: 1ad38abceedb0177c533badbdd9e041da09cf462dd17e29e5e19eaea9f44ae03
httpd24-httpd-debuginfo-2.4.34-22.el7.1.x86_64.rpm SHA-256: fa0ae2ee0ef082b9bf58f60928a08a1707375737b9688a0f877c4f828bdd36a5
httpd24-httpd-devel-2.4.34-22.el7.1.x86_64.rpm SHA-256: ee3bb2b97d472257588226a09bfb22bf7ce25e1c0b21c476ac4b8d314581ae72
httpd24-httpd-manual-2.4.34-22.el7.1.noarch.rpm SHA-256: bf3a34f71e1c98a303661bec269457251ae7674fe0bcf3b18199bc4086db32b5
httpd24-httpd-tools-2.4.34-22.el7.1.x86_64.rpm SHA-256: d845782371045b500745eccfdc8881b41eadebc7d4281638558551713a982f04
httpd24-mod_ldap-2.4.34-22.el7.1.x86_64.rpm SHA-256: 88271bb491eadb1765202fee05ba8022d1500dca2db3f77a0dae6e2e89bec2cf
httpd24-mod_proxy_html-2.4.34-22.el7.1.x86_64.rpm SHA-256: 3c62f9abe9fb68188181490741eeafbb8ea6df9373dfe897b95174477fe5b8b0
httpd24-mod_session-2.4.34-22.el7.1.x86_64.rpm SHA-256: 26f9c3ca9fe38f3b7f8201744d7adaeac4ec8cc7860bc158813c12196edbe39c
httpd24-mod_ssl-2.4.34-22.el7.1.x86_64.rpm SHA-256: 2f332d14fba97e19036a9792387f29bed9d08a9744e60c7a985a25583647498d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
