Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This flaw has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
CVSS v3 metrics
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| Metric | Value |
|---|---|
| CVSS3 Base Score | 3.3 |
| CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Virtualization 4 | rhvm-appliance | Not affected |
| Red Hat Software Collections for Red Hat Enterprise Linux | httpd24-httpd | Affected |
| Red Hat JBoss EWS 2 | httpd | Under investigation |
| Red Hat JBoss Core Services 1 | httpd | Under investigation |
| Red Hat Enterprise Linux 8 | httpd:2.4/httpd | Affected |
| Red Hat Enterprise Linux 7 | httpd | Affected |
| Red Hat Enterprise Linux 6 | httpd | Out of support scope |
| Red Hat Enterprise Linux 5 | httpd | Under investigation |
This flaw can be mitigated by replacing multiple consecutive slashes, used in directives that match against the path component of the request URL, with regular expressions.
CVE description copyright © 2017, The MITRE Corporation