製品・ソフトウェアに関する情報

JVN脆弱性詳細

Apache HTTP Web Server 2.4 における複数の脆弱性に対するアップデート

タイトル	Apache HTTP Web Server 2.4 における複数の脆弱性に対するアップデート
概要	The Apache Software Foundation から、Apache HTTP Web Server 2.4 系における次の複数の脆弱性に対応した Apache HTTP Web Server 2.4.46 が公開されました。 * Cache-Digest の値を細工された HTTP/2 リクエストを処理することで Push Diary がクラッシュする脆弱性 - CVE-2020-9490 * mod_proxy_uwsgi にバッファオーバーフローの脆弱性 - CVE-2020-11984 * mod_remoteip および mod_rewrite を用いる特定の設定を行って動作させている場合に、ログや PHP スクリプトで参照される IP アドレスが偽装可能な脆弱性 - CVE-2020-11985 * HTTP/2 モジュールで trace/debug が有効な場合、特定の通信に対してログを処理する際にメモリプールに競合が生じる脆弱性 - CVE-2020-11993 なお開発者によると、CVE-2020-11985 は Apache HTTP Web Server 2.4.24 で修正されましたが、今回あらためて CVE を割り当てたとのことです。詳しくは、<a href="https://httpd.apache.org/security/vulnerabilities_24.html">開発者が提供する情報</a>をご確認ください。
想定される影響	想定される影響は各脆弱性により異なりますが、次のような影響を受ける可能性があります。 * サービス運用妨害 (DoS) - CVE-2020-9490、CVE-2020-11993 * 任意のコード実行 - CVE-2020-11984 * 情報漏えい - CVE-2020-11985
対策	[アップデートする] <a href="https://downloads.apache.org/httpd/Announcement2.4.html">開発者が提供する情報</a>をもとに、最新版へアップデートしてください。
公表日	2020年8月13日0:00
登録日	2020年8月14日10:42
最終更新日	2021年8月10日17:21

影響を受けるシステム

Apache Software Foundation

Apache HTTP Server 2.4.1 から 2.4.23 - CVE-2020-11985

Apache HTTP Server 2.4.20 から 2.4.43 - CVE-2020-9490、CVE-2020-11993

Apache HTTP Server 2.4.32 から 2.4.43 - CVE-2020-11984

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2020-11984	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984
2	CVE-2020-11985	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11985
3	CVE-2020-11993	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993
4	CVE-2020-9490	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490
National Vulnerability Database (NVD)
5	CVE-2020-11984	https://nvd.nist.gov/vuln/detail/CVE-2020-11984
6	CVE-2020-11985	https://nvd.nist.gov/vuln/detail/CVE-2020-11985
7	CVE-2020-11993	https://nvd.nist.gov/vuln/detail/CVE-2020-11993
8	CVE-2020-9490	https://nvd.nist.gov/vuln/detail/CVE-2020-9490

ベンダー情報

No	名前	URL
Apache Software Foundation
1	Apache HTTP Server 2.4.46 Released	https://downloads.apache.org/httpd/Announcement2.4.html
2	Fixed in Apache httpd 2.4.44	https://httpd.apache.org/security/vulnerabilities_24.html#2.4.44
NEC製品セキュリティ情報
3	Apache HTTP Web Server 2.4 における複数の脆弱性に対するアップデート	https://jpn.nec.com/security-info/secinfo/nv20-013.html

その他

No	名前	URL
JVN
1	JVNVU#92184689	http://jvn.jp/cert/JVNVU92184689

変更履歴

No	変更内容	変更日
1	[2020年08月14日] 掲載	2020年8月14日10:42
2	[2021年08月10日] ベンダ情報：日本電気 (Apache HTTP Web Server 2.4 における複数の脆弱性に対するアップデート) を追加	2021年8月10日16:14

NVD脆弱性情報

CVE-2020-11984

概要	Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
公表日	2020年8月8日1:15
登録日	2021年1月26日10:40
最終更新日	2024年11月21日13:59

影響を受けるソフトウェアの構成

構成1		以上	以下	より上	未満
cpe:2.3:a:apache:http_server::::::::		2.4.32	2.4.43

構成2		以上	以下	より上	未満
cpe:2.3:a:netapp:clustered_data_ontap:-:::::::*

構成3	以上	以下	より上	未満
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::

構成4	以上	以下	より上	未満
cpe:2.3:o:debian:debian_linux:9.0:::::::*
cpe:2.3:o:debian:debian_linux:10.0:::::::*

構成5	以上	以下	より上	未満
cpe:2.3:o:fedoraproject:fedora:31:::::::*
cpe:2.3:o:fedoraproject:fedora:32:::::::*

構成6	以上	以下	より上	未満
cpe:2.3:o:opensuse:leap:15.1:::::::*
cpe:2.3:o:opensuse:leap:15.2:::::::*

構成7	以上	以下	より上	未満
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:::::::*
cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:::::::*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
cpe:2.3:a:oracle:communications_session_route_manager::::::::	8.2.0	8.2.2
cpe:2.3:a:oracle:communications_session_report_manager::::::::	8.2.0	8.2.2
cpe:2.3:a:oracle:communications_element_manager::::::::	8.2.0	8.2.2
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*

関連情報、対策とツール

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html	Mailing List Third Party Advisory
2	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html	Mailing List Third Party Advisory
3	http://packetstormsecurity.com/files/159009/Apache2-mod_proxy_uwsgi-Incorrect-Request-Handling.html	Exploit Third Party Advisory VDB Entry
4	http://www.openwall.com/lists/oss-security/2020/08/08/1	Mailing List Third Party Advisory
5	http://www.openwall.com/lists/oss-security/2020/08/08/10	Mailing List Third Party Advisory
6	http://www.openwall.com/lists/oss-security/2020/08/08/8	Mailing List Third Party Advisory
7	http://www.openwall.com/lists/oss-security/2020/08/08/9	Mailing List Third Party Advisory
8	http://www.openwall.com/lists/oss-security/2020/08/10/5	Mailing List Vendor Advisory
9	http://www.openwall.com/lists/oss-security/2020/08/17/2	Mailing List Third Party Advisory
10	https://httpd.apache.org/security/vulnerabilities_24.html	Vendor Advisory
11	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E
12	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
13	https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E
14	https://lists.apache.org/thread.html/r2c6083f6a2027914a0f5b54e2a1f4fa98c03f8693b58460911818255%40%3Ccvs.httpd.apache.org%3E
15	https://lists.apache.org/thread.html/r34753590ae8e3f2b6af689af4fe84269b592f5fda9f3244fd9abbce8%40%3Ccvs.httpd.apache.org%3E
16	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
17	https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1%40%3Cdev.httpd.apache.org%3E
18	https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672%40%3Cdev.httpd.apache.org%3E
19	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
20	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
21	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
22	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
23	https://lists.apache.org/thread.html/rf71eb428714374a6f9ad68952e23611ec7807b029fd6a1b4f5f732d9%40%3Ccvs.httpd.apache.org%3E
24	https://lists.debian.org/debian-lts-announce/2020/09/msg00001.html	Mailing List Third Party Advisory
25	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/
26	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/
27	https://security.gentoo.org/glsa/202008-04	Third Party Advisory
28	https://security.netapp.com/advisory/ntap-20200814-0005/	Third Party Advisory
29	https://usn.ubuntu.com/4458-1/	Third Party Advisory
30	https://www.debian.org/security/2020/dsa-4757	Third Party Advisory
31	https://www.oracle.com/security-alerts/cpujan2021.html	Third Party Advisory
32	https://www.oracle.com/security-alerts/cpuoct2020.html	Third Party Advisory
33	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html	Mailing List Third Party Advisory
34	https://www.oracle.com/security-alerts/cpuoct2020.html	Third Party Advisory
35	https://www.oracle.com/security-alerts/cpujan2021.html	Third Party Advisory
36	https://www.debian.org/security/2020/dsa-4757	Third Party Advisory
37	https://usn.ubuntu.com/4458-1/	Third Party Advisory
38	https://security.netapp.com/advisory/ntap-20200814-0005/	Third Party Advisory
39	https://security.gentoo.org/glsa/202008-04	Third Party Advisory
40	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/
41	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/
42	https://lists.debian.org/debian-lts-announce/2020/09/msg00001.html	Mailing List Third Party Advisory
43	https://lists.apache.org/thread.html/rf71eb428714374a6f9ad68952e23611ec7807b029fd6a1b4f5f732d9%40%3Ccvs.httpd.apache.org%3E
44	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
45	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
46	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
47	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
48	https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672%40%3Cdev.httpd.apache.org%3E
49	https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1%40%3Cdev.httpd.apache.org%3E
50	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
51	https://lists.apache.org/thread.html/r34753590ae8e3f2b6af689af4fe84269b592f5fda9f3244fd9abbce8%40%3Ccvs.httpd.apache.org%3E
52	https://lists.apache.org/thread.html/r2c6083f6a2027914a0f5b54e2a1f4fa98c03f8693b58460911818255%40%3Ccvs.httpd.apache.org%3E
53	https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E
54	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
55	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E
56	https://httpd.apache.org/security/vulnerabilities_24.html	Vendor Advisory
57	http://www.openwall.com/lists/oss-security/2020/08/17/2	Mailing List Third Party Advisory
58	http://www.openwall.com/lists/oss-security/2020/08/10/5	Mailing List Vendor Advisory
59	http://www.openwall.com/lists/oss-security/2020/08/08/9	Mailing List Third Party Advisory
60	http://www.openwall.com/lists/oss-security/2020/08/08/8	Mailing List Third Party Advisory
61	http://www.openwall.com/lists/oss-security/2020/08/08/10	Mailing List Third Party Advisory
62	http://www.openwall.com/lists/oss-security/2020/08/08/1	Mailing List Third Party Advisory
63	http://packetstormsecurity.com/files/159009/Apache2-mod_proxy_uwsgi-Incorrect-Request-Handling.html	Exploit Third Party Advisory VDB Entry
64	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html	Mailing List Third Party Advisory

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-120	古典的バッファオーバーフロー	https://cwe.mitre.org/data/definitions/120.html

CVE-2020-11985

概要	IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.
公表日	2020年8月8日1:15
登録日	2021年1月26日10:40
最終更新日	2024年11月21日13:59

影響を受けるソフトウェアの構成

構成1		以上	以下	より上	未満
cpe:2.3:a:apache:http_server::::::::		2.4.1	2.4.23

関連情報、対策とツール

No	URL	タグ
1	https://httpd.apache.org/security/vulnerabilities_24.html	Vendor Advisory
2	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E
3	https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E
4	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
5	https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
6	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
7	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
8	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
9	https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
10	https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E
11	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
12	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/
13	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/
14	https://security.gentoo.org/glsa/202008-04	Third Party Advisory
15	https://security.netapp.com/advisory/ntap-20200827-0002/
16	https://www.oracle.com/security-alerts/cpujan2021.html
17	https://httpd.apache.org/security/vulnerabilities_24.html	Vendor Advisory
18	https://www.oracle.com/security-alerts/cpujan2021.html
19	https://security.netapp.com/advisory/ntap-20200827-0002/
20	https://security.gentoo.org/glsa/202008-04	Third Party Advisory
21	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/
22	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/
23	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
24	https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E
25	https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
26	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
27	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
28	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
29	https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
30	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
31	https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E
32	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-345	データの信頼性についての不十分な検証	https://cwe.mitre.org/data/definitions/345.html

CVE-2020-11993

概要	Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.
公表日	2020年8月8日1:15
登録日	2021年1月26日10:40
最終更新日	2024年11月21日13:59

影響を受けるソフトウェアの構成

構成1		以上	以下	より上	未満
cpe:2.3:a:apache:http_server::::::::		2.4.20	2.4.43

構成2		以上	以下	より上	未満
cpe:2.3:a:netapp:clustered_data_ontap:-:::::::*

構成3	以上	以下	より上	未満
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::

構成4	以上	以下	より上	未満
cpe:2.3:o:opensuse:leap:15.1:::::::*
cpe:2.3:o:opensuse:leap:15.2:::::::*

構成5		以上	以下	より上	未満
cpe:2.3:o:debian:debian_linux:10.0:::::::*

構成6	以上	以下	より上	未満
cpe:2.3:o:fedoraproject:fedora:31:::::::*
cpe:2.3:o:fedoraproject:fedora:32:::::::*

構成7	以上	以下	より上	未満
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:::::::*
cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:::::::*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
cpe:2.3:a:oracle:communications_session_route_manager::::::::	8.2.0	8.2.2
cpe:2.3:a:oracle:communications_session_report_manager::::::::	8.2.0	8.2.2
cpe:2.3:a:oracle:communications_element_manager::::::::	8.2.0	8.2.2
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*

関連情報、対策とツール

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html	Mailing List Third Party Advisory
2	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html	Mailing List Third Party Advisory
3	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00081.html	Mailing List Third Party Advisory
4	http://packetstormsecurity.com/files/160393/Apache-2-HTTP2-Module-Concurrent-Pool-Usage.html	Exploit Third Party Advisory VDB Entry
5	https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993	Vendor Advisory
6	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
7	https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E
8	https://lists.apache.org/thread.html/r2c6083f6a2027914a0f5b54e2a1f4fa98c03f8693b58460911818255%40%3Ccvs.httpd.apache.org%3E
9	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
10	https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1%40%3Cdev.httpd.apache.org%3E
11	https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672%40%3Cdev.httpd.apache.org%3E
12	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
13	https://lists.apache.org/thread.html/r9e9f1a7609760f0f80562eaaec2aa3c32d525c3e0fca98b475240c71%40%3Cdev.httpd.apache.org%3E
14	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
15	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
16	https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E
17	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
18	https://lists.apache.org/thread.html/rf71eb428714374a6f9ad68952e23611ec7807b029fd6a1b4f5f732d9%40%3Ccvs.httpd.apache.org%3E
19	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NKWG2EXAQQB6LMLATKZ7KLSRGCSHVAN/
20	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVFDBVM6E3JF3O7RYLRPRCH3RDRHJJY/
21	https://security.gentoo.org/glsa/202008-04	Third Party Advisory
22	https://security.netapp.com/advisory/ntap-20200814-0005/	Third Party Advisory
23	https://usn.ubuntu.com/4458-1/	Third Party Advisory
24	https://www.debian.org/security/2020/dsa-4757	Third Party Advisory
25	https://www.oracle.com/security-alerts/cpujan2021.html	Third Party Advisory
26	https://www.oracle.com/security-alerts/cpuoct2020.html	Vendor Advisory
27	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html	Mailing List Third Party Advisory
28	https://www.oracle.com/security-alerts/cpuoct2020.html	Vendor Advisory
29	https://www.oracle.com/security-alerts/cpujan2021.html	Third Party Advisory
30	https://www.debian.org/security/2020/dsa-4757	Third Party Advisory
31	https://usn.ubuntu.com/4458-1/	Third Party Advisory
32	https://security.netapp.com/advisory/ntap-20200814-0005/	Third Party Advisory
33	https://security.gentoo.org/glsa/202008-04	Third Party Advisory
34	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVFDBVM6E3JF3O7RYLRPRCH3RDRHJJY/
35	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NKWG2EXAQQB6LMLATKZ7KLSRGCSHVAN/
36	https://lists.apache.org/thread.html/rf71eb428714374a6f9ad68952e23611ec7807b029fd6a1b4f5f732d9%40%3Ccvs.httpd.apache.org%3E
37	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
38	https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E
39	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
40	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
41	https://lists.apache.org/thread.html/r9e9f1a7609760f0f80562eaaec2aa3c32d525c3e0fca98b475240c71%40%3Cdev.httpd.apache.org%3E
42	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
43	https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672%40%3Cdev.httpd.apache.org%3E
44	https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1%40%3Cdev.httpd.apache.org%3E
45	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
46	https://lists.apache.org/thread.html/r2c6083f6a2027914a0f5b54e2a1f4fa98c03f8693b58460911818255%40%3Ccvs.httpd.apache.org%3E
47	https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E
48	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
49	https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993	Vendor Advisory
50	http://packetstormsecurity.com/files/160393/Apache-2-HTTP2-Module-Concurrent-Pool-Usage.html	Exploit Third Party Advisory VDB Entry
51	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00081.html	Mailing List Third Party Advisory
52	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html	Mailing List Third Party Advisory

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-444	HTTP リクエストスマグリング	https://cwe.mitre.org/data/definitions/444.html

CVE-2020-9490

概要	Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
公表日	2020年8月8日1:15
登録日	2021年1月26日10:40
最終更新日	2024年11月21日14:40

影響を受けるソフトウェアの構成

構成1		以上	以下	より上	未満
cpe:2.3:a:apache:http_server::::::::		2.4.20			2.4.46

構成2	以上	以下	より上	未満
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:::::::*
cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:::::::*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
cpe:2.3:a:oracle:communications_session_route_manager::::::::	8.2.0	8.2.2
cpe:2.3:a:oracle:communications_session_report_manager::::::::	8.2.0	8.2.2
cpe:2.3:a:oracle:communications_element_manager::::::::	8.2.0	8.2.2
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*

構成3	以上	以下	より上	未満
cpe:2.3:o:opensuse:leap:15.1:::::::*
cpe:2.3:o:opensuse:leap:15.2:::::::*

構成4		以上	以下	より上	未満
cpe:2.3:o:debian:debian_linux:10.0:::::::*

構成5	以上	以下	より上	未満
cpe:2.3:o:fedoraproject:fedora:31:::::::*
cpe:2.3:o:fedoraproject:fedora:32:::::::*

構成6	以上	以下	より上	未満
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::

構成7		以上	以下	より上	未満
cpe:2.3:a:redhat:software_collections:1.0:::::::*
実行環境
1	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
2	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
3	cpe:2.3:o:redhat:enterprise_linux:7.6:::::::*
4	cpe:2.3:o:redhat:enterprise_linux:7.7:::::::*

構成8	以上	以下	より上	未満
cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
cpe:2.3:a:redhat:openstack:16.1:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:::::::*
cpe:2.3:a:redhat:openstack_for_ibm_power:16.1:::::::*

関連情報、対策とツール

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html	Mailing List Third Party Advisory
2	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html	Mailing List Third Party Advisory
3	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html	Mailing List Third Party Advisory
4	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html	Mailing List Third Party Advisory
5	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00081.html	Mailing List Third Party Advisory
6	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00081.html	Mailing List Third Party Advisory
7	http://packetstormsecurity.com/files/160392/Apache-2.4.43-mod_http2-Memory-Corruption.html	Third Party Advisory VDB Entry
8	http://packetstormsecurity.com/files/160392/Apache-2.4.43-mod_http2-Memory-Corruption.html	Third Party Advisory VDB Entry
9	https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490	Vendor Advisory
10	https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490	Vendor Advisory
11	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
12	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
13	https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E
14	https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E
15	https://lists.apache.org/thread.html/r0b6541c5fb2f8fb383861333400add7def625bc993300300de0b4f8d%40%3Ccvs.httpd.apache.org%3E
16	https://lists.apache.org/thread.html/r0b6541c5fb2f8fb383861333400add7def625bc993300300de0b4f8d%40%3Ccvs.httpd.apache.org%3E
17	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
18	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
19	https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1%40%3Cdev.httpd.apache.org%3E
20	https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1%40%3Cdev.httpd.apache.org%3E
21	https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672%40%3Cdev.httpd.apache.org%3E
22	https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672%40%3Cdev.httpd.apache.org%3E
23	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
24	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
25	https://lists.apache.org/thread.html/r97d0faab6ed8fd0d439234b16d05d77b22a07b0c4817e7b3cca419cc%40%3Ccvs.httpd.apache.org%3E
26	https://lists.apache.org/thread.html/r97d0faab6ed8fd0d439234b16d05d77b22a07b0c4817e7b3cca419cc%40%3Ccvs.httpd.apache.org%3E
27	https://lists.apache.org/thread.html/r9e485ce5a01c9dc3d4d785a7d28aa7400ead1e81884034ff1f03cfee%40%3Ccvs.httpd.apache.org%3E
28	https://lists.apache.org/thread.html/r9e485ce5a01c9dc3d4d785a7d28aa7400ead1e81884034ff1f03cfee%40%3Ccvs.httpd.apache.org%3E
29	https://lists.apache.org/thread.html/r9e9f1a7609760f0f80562eaaec2aa3c32d525c3e0fca98b475240c71%40%3Cdev.httpd.apache.org%3E
30	https://lists.apache.org/thread.html/r9e9f1a7609760f0f80562eaaec2aa3c32d525c3e0fca98b475240c71%40%3Cdev.httpd.apache.org%3E
31	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
32	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
33	https://lists.apache.org/thread.html/ra4da876037477c06f2677d7a1e10b5a8613000fca99c813958070fe9%40%3Ccvs.httpd.apache.org%3E
34	https://lists.apache.org/thread.html/ra4da876037477c06f2677d7a1e10b5a8613000fca99c813958070fe9%40%3Ccvs.httpd.apache.org%3E
35	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
36	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
37	https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E
38	https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E
39	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
40	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
41	https://lists.apache.org/thread.html/rfed9fea918e090383da33e393eb6c2755fccf05032bd7d6eb4737c9e%40%3Ccvs.httpd.apache.org%3E
42	https://lists.apache.org/thread.html/rfed9fea918e090383da33e393eb6c2755fccf05032bd7d6eb4737c9e%40%3Ccvs.httpd.apache.org%3E
43	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NKWG2EXAQQB6LMLATKZ7KLSRGCSHVAN/
44	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NKWG2EXAQQB6LMLATKZ7KLSRGCSHVAN/
45	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVFDBVM6E3JF3O7RYLRPRCH3RDRHJJY/
46	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVFDBVM6E3JF3O7RYLRPRCH3RDRHJJY/
47	https://security.gentoo.org/glsa/202008-04	Third Party Advisory
48	https://security.gentoo.org/glsa/202008-04	Third Party Advisory
49	https://security.netapp.com/advisory/ntap-20200814-0005/	Third Party Advisory
50	https://security.netapp.com/advisory/ntap-20200814-0005/	Third Party Advisory
51	https://usn.ubuntu.com/4458-1/	Third Party Advisory
52	https://usn.ubuntu.com/4458-1/	Third Party Advisory
53	https://www.debian.org/security/2020/dsa-4757	Third Party Advisory
54	https://www.debian.org/security/2020/dsa-4757	Third Party Advisory
55	https://www.oracle.com/security-alerts/cpujan2021.html	Patch Third Party Advisory
56	https://www.oracle.com/security-alerts/cpujan2021.html	Patch Third Party Advisory
57	https://www.oracle.com/security-alerts/cpuoct2020.html	Patch Third Party Advisory
58	https://www.oracle.com/security-alerts/cpuoct2020.html	Patch Third Party Advisory

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-444	HTTP リクエストスマグリング	https://cwe.mitre.org/data/definitions/444.html

構成8	以上	以下	より上	未満
cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
cpe:2.3:a:redhat:openstack:16.1:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:::::::*
cpe:2.3:a:redhat:openstack_for_ibm_power:16.1:::::::*