RHSA-2024:5239 - Security Advisory

Issued: 2024-08-13
Updated: 2024-08-13

Synopsis

Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP5 security update

Type/Severity

Security Advisory: Important

Topic

Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 5 is now available.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 5 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 4, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.

Security Fix(es):

  • jbcs-httpd24-httpd: Potential SSRF in mod_rewrite (CVE-2024-39573)
  • jbcs-httpd24-httpd: null pointer dereference in mod_proxy (CVE-2024-38477)
  • jbcs-httpd24-httpd: Improper escaping of output in mod_rewrite (CVE-2024-38475)
  • jbcs-httpd24-httpd: Encoding problem in mod_proxy (CVE-2024-38473)
  • jbcs-httpd24-httpd: Substitution encoding issue in mod_rewrite (CVE-2024-38474)
  • jbcs-httpd24-httpd: Security issues via backend applications whose response headers are malicious or exploitable (CVE-2024-38476)

A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat JBoss Core Services 1 for RHEL 8 x86_64
  • Red Hat JBoss Core Services 1 for RHEL 7 x86_64

Fixes

  • BZ - 2295012 - CVE-2024-38473 httpd: Encoding problem in mod_proxy
  • BZ - 2295013 - CVE-2024-38474 httpd: Substitution encoding issue in mod_rewrite
  • BZ - 2295014 - CVE-2024-38475 httpd: Improper escaping of output in mod_rewrite
  • BZ - 2295015 - CVE-2024-38476 httpd: Security issues via backend applications whose response headers are malicious or exploitable
  • BZ - 2295016 - CVE-2024-38477 httpd: NULL pointer dereference in mod_proxy
  • BZ - 2295022 - CVE-2024-39573 httpd: Potential SSRF in mod_rewrite

CVEs

  • CVE-2024-38473
  • CVE-2024-38474
  • CVE-2024-38475
  • CVE-2024-38476
  • CVE-2024-38477
  • CVE-2024-39573

References

  • https://access.redhat.com/security/updates/classification/#important
  • https://docs.redhat.com/en/documentation/red_hat_jboss_core_services/2.4.57/html/red_hat_jboss_core_services_apache_http_server_2.4.57_service_pack_5_release_notes/index

Note: More recent versions of these packages may be available.

Red Hat JBoss Core Services 1 for RHEL 8

SRPM
jbcs-httpd24-httpd-2.4.57-13.el8jbcs.src.rpm
jbcs-httpd24-mod_http2-1.15.19-41.el8jbcs.src.rpm
jbcs-httpd24-mod_jk-1.2.49-11.redhat_1.el8jbcs.src.rpm
jbcs-httpd24-mod_md-2.4.24-11.el8jbcs.src.rpm
jbcs-httpd24-mod_proxy_cluster-1.3.20-8.el8jbcs.src.rpm
jbcs-httpd24-mod_security-2.9.3-40.el8jbcs.src.rpm
x86_64
jbcs-httpd24-httpd-2.4.57-13.el8jbcs.x86_64.rpm
jbcs-httpd24-httpd-debuginfo-2.4.57-13.el8jbcs.x86_64.rpm
jbcs-httpd24-httpd-devel-2.4.57-13.el8jbcs.x86_64.rpm
jbcs-httpd24-httpd-manual-2.4.57-13.el8jbcs.noarch.rpm
jbcs-httpd24-httpd-selinux-2.4.57-13.el8jbcs.x86_64.rpm
jbcs-httpd24-httpd-tools-2.4.57-13.el8jbcs.x86_64.rpm
jbcs-httpd24-httpd-tools-debuginfo-2.4.57-13.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_http2-1.15.19-41.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_http2-debuginfo-1.15.19-41.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_jk-ap24-1.2.49-11.redhat_1.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_jk-ap24-debuginfo-1.2.49-11.redhat_1.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_ldap-2.4.57-13.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_ldap-debuginfo-2.4.57-13.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_md-2.4.24-11.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_md-debuginfo-2.4.24-11.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_proxy_cluster-1.3.20-8.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.20-8.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_proxy_html-2.4.57-13.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_proxy_html-debuginfo-2.4.57-13.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_security-2.9.3-40.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_security-debuginfo-2.9.3-40.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_session-2.4.57-13.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_session-debuginfo-2.4.57-13.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_ssl-2.4.57-13.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_ssl-debuginfo-2.4.57-13.el8jbcs.x86_64.rpm

Red Hat JBoss Core Services 1 for RHEL 7

SRPM
jbcs-httpd24-httpd-2.4.57-13.el7jbcs.src.rpm
jbcs-httpd24-mod_http2-1.15.19-41.el7jbcs.src.rpm
jbcs-httpd24-mod_jk-1.2.49-11.redhat_1.el7jbcs.src.rpm
jbcs-httpd24-mod_md-2.4.24-11.el7jbcs.src.rpm
jbcs-httpd24-mod_proxy_cluster-1.3.20-8.el7jbcs.src.rpm
jbcs-httpd24-mod_security-2.9.3-40.el7jbcs.src.rpm
x86_64
jbcs-httpd24-httpd-2.4.57-13.el7jbcs.x86_64.rpm
jbcs-httpd24-httpd-debuginfo-2.4.57-13.el7jbcs.x86_64.rpm
jbcs-httpd24-httpd-devel-2.4.57-13.el7jbcs.x86_64.rpm
jbcs-httpd24-httpd-manual-2.4.57-13.el7jbcs.noarch.rpm
jbcs-httpd24-httpd-selinux-2.4.57-13.el7jbcs.x86_64.rpm
jbcs-httpd24-httpd-tools-2.4.57-13.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_http2-1.15.19-41.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_http2-debuginfo-1.15.19-41.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_jk-ap24-1.2.49-11.redhat_1.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_jk-debuginfo-1.2.49-11.redhat_1.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_ldap-2.4.57-13.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_md-2.4.24-11.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_md-debuginfo-2.4.24-11.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_proxy_cluster-1.3.20-8.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.20-8.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_proxy_html-2.4.57-13.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_security-2.9.3-40.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_security-debuginfo-2.9.3-40.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_session-2.4.57-13.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_ssl-2.4.57-13.el7jbcs.x86_64.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
