In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a Session header. This comes from the HTTP_SESSION variable name used by mod_session to forward its data to CGIs, since the prefix HTTP_ is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Http_server | Apache | 2.4.0 (including) | 2.4.29 (including) |
JBoss Core Services on RHEL 6 | RedHat | jbcs-httpd24-0:1-6.jbcs.el6 | * |
JBoss Core Services on RHEL 6 | RedHat | jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6 | * |
JBoss Core Services on RHEL 6 | RedHat | jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6 | * |
JBoss Core Services on RHEL 6 | RedHat | jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6 | * |
JBoss Core Services on RHEL 6 | RedHat | jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6 | * |
JBoss Core Services on RHEL 6 | RedHat | jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6 | * |
JBoss Core Services on RHEL 6 | RedHat | jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6 | * |
JBoss Core Services on RHEL 6 | RedHat | jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6 | * |
JBoss Core Services on RHEL 6 | RedHat | jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6 | * |
JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-0:1-6.jbcs.el7 | * |
JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7 | * |
JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7 | * |
JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7 | * |
JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7 | * |
JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7 | * |
JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7 | * |
JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7 | * |
JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7 | * |
Red Hat Enterprise Linux 7 | RedHat | httpd-0:2.4.6-95.el7 | * |
Red Hat JBoss Core Services 1 | RedHat | httpd | * |
Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | httpd24-curl-0:7.61.1-1.el6 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | httpd24-httpd-0:2.4.34-7.el6 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | httpd24-nghttp2-0:1.7.1-7.el6 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | httpd24-curl-0:7.61.1-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | httpd24-httpd-0:2.4.34-7.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | httpd24-nghttp2-0:1.7.1-7.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS | RedHat | httpd24-curl-0:7.61.1-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS | RedHat | httpd24-httpd-0:2.4.34-7.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS | RedHat | httpd24-nghttp2-0:1.7.1-7.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | RedHat | httpd24-curl-0:7.61.1-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | RedHat | httpd24-httpd-0:2.4.34-7.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | RedHat | httpd24-nghttp2-0:1.7.1-7.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | httpd24-curl-0:7.61.1-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | httpd24-httpd-0:2.4.34-7.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | httpd24-nghttp2-0:1.7.1-7.el7 | * |
Apache2 | Ubuntu | artful | * |
Apache2 | Ubuntu | bionic | * |
Apache2 | Ubuntu | devel | * |
Apache2 | Ubuntu | trusty | * |
Apache2 | Ubuntu | upstream | * |
Apache2 | Ubuntu | xenial | * |