Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-9798 (GCVE-0-2017-9798)
Vulnerability from cvelistv5
Published
2017-09-18 15:00
Modified
2024-08-05 17:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- use-after-free
Summary
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Version: Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:01.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:3113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"name": "100872",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100872"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "RHSA-2017:2882",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2882"
},
{
"name": "RHSA-2017:2972",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2972"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208331"
},
{
"name": "1039387",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039387"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us"
},
{
"name": "RHSA-2017:3475",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3475"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/hannob/optionsbleed"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223\u0026r2=1807754\u0026pathrev=1807754\u0026view=patch"
},
{
"name": "RHSA-2017:3240",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3240"
},
{
"name": "RHSA-2017:3195",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3195"
},
{
"name": "RHSA-2017:3018",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3018"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "RHSA-2017:3239",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3239"
},
{
"name": "RHSA-2017:3476",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3476"
},
{
"name": "105598",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105598"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "RHSA-2017:3114",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"name": "RHSA-2017:3477",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3477"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2017/09/18/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180601-0003/"
},
{
"name": "RHSA-2017:3194",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3194"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2017-9798"
},
{
"name": "RHSA-2017:3193",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3193"
},
{
"name": "DSA-3980",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3980"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
},
{
"name": "42745",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42745/"
},
{
"name": "GLSA-201710-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2019-09"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27"
}
]
}
],
"datePublic": "2017-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user\u0027s .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "use-after-free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-06T10:11:48",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "RHSA-2017:3113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"name": "100872",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100872"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "RHSA-2017:2882",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2882"
},
{
"name": "RHSA-2017:2972",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2972"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208331"
},
{
"name": "1039387",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039387"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us"
},
{
"name": "RHSA-2017:3475",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3475"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/hannob/optionsbleed"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223\u0026r2=1807754\u0026pathrev=1807754\u0026view=patch"
},
{
"name": "RHSA-2017:3240",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3240"
},
{
"name": "RHSA-2017:3195",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3195"
},
{
"name": "RHSA-2017:3018",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3018"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "RHSA-2017:3239",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3239"
},
{
"name": "RHSA-2017:3476",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3476"
},
{
"name": "105598",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105598"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "RHSA-2017:3114",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"name": "RHSA-2017:3477",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3477"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2017/09/18/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180601-0003/"
},
{
"name": "RHSA-2017:3194",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3194"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2017-9798"
},
{
"name": "RHSA-2017:3193",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3193"
},
{
"name": "DSA-3980",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3980"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
},
{
"name": "42745",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42745/"
},
{
"name": "GLSA-201710-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2019-09"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2017-9798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value": "Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user\u0027s .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "use-after-free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:3113",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"name": "100872",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100872"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "RHSA-2017:2882",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2882"
},
{
"name": "RHSA-2017:2972",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2972"
},
{
"name": "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch",
"refsource": "MISC",
"url": "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch"
},
{
"name": "https://support.apple.com/HT208331",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208331"
},
{
"name": "1039387",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039387"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us"
},
{
"name": "RHSA-2017:3475",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3475"
},
{
"name": "https://github.com/hannob/optionsbleed",
"refsource": "MISC",
"url": "https://github.com/hannob/optionsbleed"
},
{
"name": "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223\u0026r2=1807754\u0026pathrev=1807754\u0026view=patch",
"refsource": "MISC",
"url": "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223\u0026r2=1807754\u0026pathrev=1807754\u0026view=patch"
},
{
"name": "RHSA-2017:3240",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3240"
},
{
"name": "RHSA-2017:3195",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3195"
},
{
"name": "RHSA-2017:3018",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3018"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "RHSA-2017:3239",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3239"
},
{
"name": "RHSA-2017:3476",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3476"
},
{
"name": "105598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105598"
},
{
"name": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798",
"refsource": "CONFIRM",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "RHSA-2017:3114",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"name": "RHSA-2017:3477",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3477"
},
{
"name": "http://openwall.com/lists/oss-security/2017/09/18/2",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/09/18/2"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180601-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180601-0003/"
},
{
"name": "RHSA-2017:3194",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3194"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2017-9798",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2017-9798"
},
{
"name": "RHSA-2017:3193",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3193"
},
{
"name": "DSA-3980",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3980"
},
{
"name": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"refsource": "MISC",
"url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
},
{
"name": "42745",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42745/"
},
{
"name": "GLSA-201710-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-32"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://www.tenable.com/security/tns-2019-09",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2019-09"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a",
"refsource": "MISC",
"url": "https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2017-9798",
"datePublished": "2017-09-18T15:00:00",
"dateReserved": "2017-06-21T00:00:00",
"dateUpdated": "2024-08-05T17:18:01.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2017-9798\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2017-09-18T15:29:00.307\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user\u0027s .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.\"},{\"lang\":\"es\",\"value\":\"Apache httpd permite que atacantes remotos lean datos secretos de la memoria de proceso si la directiva Limit se puede establecer en un archivo .htaccess del usuario o si existen ciertos errores de configuraci\u00f3n en httpd.conf. Esto tambi\u00e9n se conoce como Optionsbleed. Esta vulnerabilidad afecta a Apache HTTP Server hasta la versi\u00f3n 2.2.34 y a las versiones 2.4.x hasta la 2.4.27. El atacante env\u00eda una petici\u00f3n HTTP OPTIONS sin autenticar cuando intenta leer datos secretos. Este es un problema de uso de memoria previamente liberada y, por lo tanto, los datos secretos no siempre se env\u00edan y los datos espec\u00edficos dependen de muchos factores, entre los que se encuentra la configuraci\u00f3n. La explotaci\u00f3n con .htaccess puede bloquearse con un parche en la funci\u00f3n ap_limit_section en server/core.c.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.2.34\",\"matchCriteriaId\":\"FE75C79F-7F36-41C1-BF03-97416A06D81F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDC40E89-2D57-4988-913E-024BFB56B367\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FCD3C8C-9BF8-4F30-981A-593EEAEB9EDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"046487A3-752B-4D0F-8984-96486B828EAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89D2E052-51CD-4B57-A8B8-FAE51988D654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAA27058-BACF-4F94-8E3C-7D38EC302EC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FEAB0DF-04A9-4F99-8666-0BADC5D642B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7D924D1-8A36-4C43-9E56-52814F9A6350\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39CDFECC-E26D-47E0-976F-6629040B3764\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3ECBCB1-0675-41F5-857B-438F36925F63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB6CBFBF-74F6-42AF-BC79-AA53EA75F00B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8717A96B-9DB5-48D6-A2CF-A5E2B26AF3F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1F45B27-504B-4202-87B8-BD3B094003F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2FB2B98-DFD2-420A-8A7F-9B288651242F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B803D25B-0A19-4569-BA05-09D58F33917C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8510442C-212F-4013-85FA-E0AB59F6F2C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB5673AB-53BB-40B2-83A7-8B82B2D0EBB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBB3ED63-45CA-44AB-973C-9AD2569AD800\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF30AD98-9CBA-456E-A827-79FCEDEB30A1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"http://openwall.com/lists/oss-security/2017/09/18/2\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"VDB Entry\"]},{\"url\":\"http://www.debian.org/security/2017/dsa-3980\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/100872\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/105598\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039387\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2882\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2972\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3018\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3113\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3114\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3193\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3194\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3195\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3239\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3240\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3475\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3476\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3477\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html\",\"source\":\"security@apache.org\",\"tags\":[\"Exploit\",\"Patch\",\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch\",\"source\":\"security@apache.org\",\"tags\":[\"Exploit\",\"Patch\",\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/hannob/optionsbleed\",\"source\":\"security@apache.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2017-9798\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201710-32\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20180601-0003/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/HT208331\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223\u0026r2=1807754\u0026pathrev=1807754\u0026view=patch\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/42745/\",\"source\":\"security@apache.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2019-09\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://openwall.com/lists/oss-security/2017/09/18/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"VDB Entry\"]},{\"url\":\"http://www.debian.org/security/2017/dsa-3980\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/100872\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/105598\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039387\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2882\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2972\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3018\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3113\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3114\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3193\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3194\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3195\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3239\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3240\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3475\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3476\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3477\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/hannob/optionsbleed\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2017-9798\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201710-32\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20180601-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/HT208331\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223\u0026r2=1807754\u0026pathrev=1807754\u0026view=patch\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/42745/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2019-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
rhsa-2017:3477
Vulnerability from csaf_redhat
Published
2017-12-15 22:34
Modified
2025-08-03 17:31
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update
Notes
Topic
An update is now available for JBoss Core Services on RHEL 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613)
* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)
* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)
* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)
* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)
Red Hat would like to thank Hanno Böck for reporting CVE-2017-9798.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for JBoss Core Services on RHEL 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613)\n\n* It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user permitted to modify httpd\u0027s MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting CVE-2017-9798.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:3477",
"url": "https://access.redhat.com/errata/RHSA-2017:3477"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/"
},
{
"category": "external",
"summary": "1463194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194"
},
{
"category": "external",
"summary": "1463197",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197"
},
{
"category": "external",
"summary": "1463207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207"
},
{
"category": "external",
"summary": "1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "external",
"summary": "1506523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506523"
},
{
"category": "external",
"summary": "JBCS-403",
"url": "https://issues.redhat.com/browse/JBCS-403"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3477.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update",
"tracking": {
"current_release_date": "2025-08-03T17:31:07+00:00",
"generator": {
"date": "2025-08-03T17:31:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2017:3477",
"initial_release_date": "2017-12-15T22:34:40+00:00",
"revision_history": [
{
"date": "2017-12-15T22:34:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-12-15T22:34:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-03T17:31:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Core Services on RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.23-125.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.23-125.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.23-125.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.23-125.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-libs@2.4.23-125.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.23-125.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.23-125.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.23-125.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.23-125.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.23-125.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-15.GA.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_bmx-debuginfo@0.9.6-15.GA.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_1.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.8-1.Final_redhat_1.jbcs.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.23-125.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.23-125.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.23-125.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.23-125.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-libs@2.4.23-125.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.23-125.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.23-125.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.23-125.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.23-125.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.23-125.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-15.GA.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_bmx-debuginfo@0.9.6-15.GA.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_1.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.8-1.Final_redhat_1.jbcs.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.src",
"product_id": "jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.23-125.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.src",
"product_id": "jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-15.GA.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.src",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_1.jbcs.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el6.noarch",
"product": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el6.noarch",
"product_id": "jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.23-125.jbcs.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el6.noarch as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el6.noarch"
},
"product_reference": "jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el6.noarch",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-3167",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2017-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1463194"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: ap_get_basic_auth_pw() authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3167"
},
{
"category": "external",
"summary": "RHBZ#1463194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3167",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3167"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2017-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-12-15T22:34:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3477"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: ap_get_basic_auth_pw() authentication bypass"
},
{
"cve": "CVE-2017-3169",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2017-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1463197"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_ssl NULL pointer dereference",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3169"
},
{
"category": "external",
"summary": "RHBZ#1463197",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3169",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3169"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2017-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-12-15T22:34:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3477"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_ssl NULL pointer dereference"
},
{
"cve": "CVE-2017-7679",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2017-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1463207"
}
],
"notes": [
{
"category": "description",
"text": "A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user permitted to modify httpd\u0027s MIME configuration could use this flaw to cause httpd child process to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_mime buffer overread",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7679"
},
{
"category": "external",
"summary": "RHBZ#1463207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7679",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7679"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2017-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-12-15T22:34:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3477"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_mime buffer overread"
},
{
"acknowledgments": [
{
"names": [
"Hanno B\u00f6ck"
]
}
],
"cve": "CVE-2017-9798",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2017-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1490344"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of httpd24-httpd as shipped with Red Hat Software Collections. Product Security has rated this issue as having Moderate security impact.\n\nIn order to be vulnerable, .htaccess files need to contain an invalid or not globally registered HTTP method in a \"Limit\" directive.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9798"
},
{
"category": "external",
"summary": "RHBZ#1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9798",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798"
},
{
"category": "external",
"summary": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
}
],
"release_date": "2017-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-12-15T22:34:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3477"
},
{
"category": "workaround",
"details": "This issue can be mitigated by configuring httpd to disallow the use of the \"Limit\" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the \"AllowOverride\" directive. Refer to Red Hat Bugzilla bug 1490344 for further details:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)"
},
{
"cve": "CVE-2017-12613",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2017-10-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1506523"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr: Out-of-bounds array deref in apr_time_exp*() functions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12613"
},
{
"category": "external",
"summary": "RHBZ#1506523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506523"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12613"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12613",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12613"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/apr/Announcement1.x.html",
"url": "http://www.apache.org/dist/apr/Announcement1.x.html"
}
],
"release_date": "2017-10-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-12-15T22:34:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3477"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "apr: Out-of-bounds array deref in apr_time_exp*() functions"
}
]
}
rhsa-2017:3240
Vulnerability from csaf_redhat
Published
2017-11-16 19:27
Modified
2025-08-16 00:56
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.18 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 and Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
[Updated 21st November 2017]
Previously, this erratum was marked as a replacement of the JBoss Enterprise Application Platform 6.4.16 Natives. This was incorrect; the erratum is an update, not a replacement. The erratum text has been modified to reflect this.
Details
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.
This release provides an update to httpd and OpenSSL. The updates are documented in the Release Notes document linked to in the References.
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
This release of JBoss Enterprise Application Platform 6.4.18 Natives serves as an update to the JBoss Enterprise Application Platform 6.4.16 Natives and includes bug fixes which are documented in the Release Notes document linked to in the References.
All users of Red Hat JBoss Enterprise Application Platform 6.4 Natives are advised to upgrade to these updated packages.
Security Fix(es):
* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)
* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)
* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)
Red Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno Böck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Gaëtan Leurent (Inria) as the original reporters of CVE-2016-2183.
Bug Fix(es):
* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1508880)
* mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1508884)
* Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1508885)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 and Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 21st November 2017]\nPreviously, this erratum was marked as a replacement of the JBoss Enterprise Application Platform 6.4.16 Natives. This was incorrect; the erratum is an update, not a replacement. The erratum text has been modified to reflect this.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release provides an update to httpd and OpenSSL. The updates are documented in the Release Notes document linked to in the References.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nThis release of JBoss Enterprise Application Platform 6.4.18 Natives serves as an update to the JBoss Enterprise Application Platform 6.4.16 Natives and includes bug fixes which are documented in the Release Notes document linked to in the References.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.4 Natives are advised to upgrade to these updated packages.\n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno B\u00f6ck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Ga\u00ebtan Leurent (Inria) as the original reporters of CVE-2016-2183.\n\nBug Fix(es):\n\n* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1508880)\n\n* mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1508884)\n\n* Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1508885)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:3240",
"url": "https://access.redhat.com/errata/RHSA-2017:3240"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/3229231",
"url": "https://access.redhat.com/articles/3229231"
},
{
"category": "external",
"summary": "1369383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"category": "external",
"summary": "1470748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748"
},
{
"category": "external",
"summary": "1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "external",
"summary": "1508880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508880"
},
{
"category": "external",
"summary": "1508884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508884"
},
{
"category": "external",
"summary": "1508885",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508885"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3240.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.18 security update",
"tracking": {
"current_release_date": "2025-08-16T00:56:24+00:00",
"generator": {
"date": "2025-08-16T00:56:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2017:3240",
"initial_release_date": "2017-11-16T19:27:22+00:00",
"revision_history": [
{
"date": "2017-11-16T19:27:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-11-21T18:17:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-16T00:56:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"product": {
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"product_id": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.13-9.Final_redhat_2.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"product": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.26-57.ep6.el6.x86_64",
"product": {
"name": "httpd-0:2.2.26-57.ep6.el6.x86_64",
"product_id": "httpd-0:2.2.26-57.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.26-57.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"product": {
"name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"product_id": "httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.26-57.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"product": {
"name": "mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"product_id": "mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.2.26-57.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"product": {
"name": "httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"product_id": "httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.26-57.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"product": {
"name": "httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"product_id": "httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.26-57.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"product": {
"name": "mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"product_id": "mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.26-57.ep6.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"product": {
"name": "httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"product_id": "httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.2.26-57.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"product": {
"name": "mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"product_id": "mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl22@2.2.26-58.ep6.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"product": {
"name": "httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"product_id": "httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-manual@2.2.26-58.ep6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"product": {
"name": "mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"product_id": "mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap22@2.2.26-58.ep6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-0:2.2.26-58.ep6.el7.x86_64",
"product": {
"name": "httpd22-0:2.2.26-58.ep6.el7.x86_64",
"product_id": "httpd22-0:2.2.26-58.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22@2.2.26-58.ep6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"product": {
"name": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"product_id": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-debuginfo@2.2.26-58.ep6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"product": {
"name": "httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"product_id": "httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-tools@2.2.26-58.ep6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"product": {
"name": "httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"product_id": "httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-devel@2.2.26-58.ep6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"product": {
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"product_id": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.13-9.Final_redhat_2.ep6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"product": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64",
"product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-14.jbcs.el6?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64",
"product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-14.jbcs.el6?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64",
"product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-14.jbcs.el6?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64",
"product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el6?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-14.jbcs.el6?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64",
"product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-14.jbcs.el6?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"product": {
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"product_id": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.13-9.Final_redhat_2.ep6.el6?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"product": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el6?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.26-57.ep6.el6.ppc64",
"product": {
"name": "httpd-0:2.2.26-57.ep6.el6.ppc64",
"product_id": "httpd-0:2.2.26-57.ep6.el6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.26-57.ep6.el6?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64",
"product": {
"name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64",
"product_id": "httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.26-57.ep6.el6?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.2.26-57.ep6.el6.ppc64",
"product": {
"name": "mod_ldap-0:2.2.26-57.ep6.el6.ppc64",
"product_id": "mod_ldap-0:2.2.26-57.ep6.el6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.2.26-57.ep6.el6?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.2.26-57.ep6.el6.ppc64",
"product": {
"name": "httpd-tools-0:2.2.26-57.ep6.el6.ppc64",
"product_id": "httpd-tools-0:2.2.26-57.ep6.el6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.26-57.ep6.el6?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.26-57.ep6.el6.ppc64",
"product": {
"name": "httpd-devel-0:2.2.26-57.ep6.el6.ppc64",
"product_id": "httpd-devel-0:2.2.26-57.ep6.el6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.26-57.ep6.el6?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.2.26-57.ep6.el6.ppc64",
"product": {
"name": "mod_ssl-1:2.2.26-57.ep6.el6.ppc64",
"product_id": "mod_ssl-1:2.2.26-57.ep6.el6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.26-57.ep6.el6?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-manual-0:2.2.26-57.ep6.el6.ppc64",
"product": {
"name": "httpd-manual-0:2.2.26-57.ep6.el6.ppc64",
"product_id": "httpd-manual-0:2.2.26-57.ep6.el6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.2.26-57.ep6.el6?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64",
"product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-14.jbcs.el7?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64",
"product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-14.jbcs.el7?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64",
"product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-14.jbcs.el7?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64",
"product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el7?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64",
"product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-14.jbcs.el7?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-14.jbcs.el7?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_ssl22-1:2.2.26-58.ep6.el7.ppc64",
"product": {
"name": "mod_ssl22-1:2.2.26-58.ep6.el7.ppc64",
"product_id": "mod_ssl22-1:2.2.26-58.ep6.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl22@2.2.26-58.ep6.el7?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd22-manual-0:2.2.26-58.ep6.el7.ppc64",
"product": {
"name": "httpd22-manual-0:2.2.26-58.ep6.el7.ppc64",
"product_id": "httpd22-manual-0:2.2.26-58.ep6.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-manual@2.2.26-58.ep6.el7?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap22-0:2.2.26-58.ep6.el7.ppc64",
"product": {
"name": "mod_ldap22-0:2.2.26-58.ep6.el7.ppc64",
"product_id": "mod_ldap22-0:2.2.26-58.ep6.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap22@2.2.26-58.ep6.el7?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "httpd22-0:2.2.26-58.ep6.el7.ppc64",
"product": {
"name": "httpd22-0:2.2.26-58.ep6.el7.ppc64",
"product_id": "httpd22-0:2.2.26-58.ep6.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22@2.2.26-58.ep6.el7?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64",
"product": {
"name": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64",
"product_id": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-debuginfo@2.2.26-58.ep6.el7?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "httpd22-tools-0:2.2.26-58.ep6.el7.ppc64",
"product": {
"name": "httpd22-tools-0:2.2.26-58.ep6.el7.ppc64",
"product_id": "httpd22-tools-0:2.2.26-58.ep6.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-tools@2.2.26-58.ep6.el7?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "httpd22-devel-0:2.2.26-58.ep6.el7.ppc64",
"product": {
"name": "httpd22-devel-0:2.2.26-58.ep6.el7.ppc64",
"product_id": "httpd22-devel-0:2.2.26-58.ep6.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-devel@2.2.26-58.ep6.el7?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"product": {
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"product_id": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.13-9.Final_redhat_2.ep6.el7?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"product": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el7?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"product": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.26-57.ep6.el6.src",
"product": {
"name": "httpd-0:2.2.26-57.ep6.el6.src",
"product_id": "httpd-0:2.2.26-57.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.26-57.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd22-0:2.2.26-58.ep6.el7.src",
"product": {
"name": "httpd22-0:2.2.26-58.ep6.el7.src",
"product_id": "httpd22-0:2.2.26-58.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22@2.2.26-58.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"product": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"product": {
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"product_id": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.13-9.Final_redhat_2.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"product": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.26-57.ep6.el6.i386",
"product": {
"name": "httpd-0:2.2.26-57.ep6.el6.i386",
"product_id": "httpd-0:2.2.26-57.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.26-57.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"product": {
"name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"product_id": "httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.26-57.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.2.26-57.ep6.el6.i386",
"product": {
"name": "mod_ldap-0:2.2.26-57.ep6.el6.i386",
"product_id": "mod_ldap-0:2.2.26-57.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.2.26-57.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.2.26-57.ep6.el6.i386",
"product": {
"name": "httpd-tools-0:2.2.26-57.ep6.el6.i386",
"product_id": "httpd-tools-0:2.2.26-57.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.26-57.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.26-57.ep6.el6.i386",
"product": {
"name": "httpd-devel-0:2.2.26-57.ep6.el6.i386",
"product_id": "httpd-devel-0:2.2.26-57.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.26-57.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.2.26-57.ep6.el6.i386",
"product": {
"name": "mod_ssl-1:2.2.26-57.ep6.el6.i386",
"product_id": "mod_ssl-1:2.2.26-57.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.26-57.ep6.el6?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-manual-0:2.2.26-57.ep6.el6.i386",
"product": {
"name": "httpd-manual-0:2.2.26-57.ep6.el6.i386",
"product_id": "httpd-manual-0:2.2.26-57.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.2.26-57.ep6.el6?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.i386"
},
"product_reference": "httpd-0:2.2.26-57.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.26-57.ep6.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.ppc64"
},
"product_reference": "httpd-0:2.2.26-57.ep6.el6.ppc64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.26-57.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.src"
},
"product_reference": "httpd-0:2.2.26-57.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.x86_64"
},
"product_reference": "httpd-0:2.2.26-57.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386"
},
"product_reference": "httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64"
},
"product_reference": "httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.i386"
},
"product_reference": "httpd-devel-0:2.2.26-57.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.26-57.ep6.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.ppc64"
},
"product_reference": "httpd-devel-0:2.2.26-57.ep6.el6.ppc64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.x86_64"
},
"product_reference": "httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.i386"
},
"product_reference": "httpd-manual-0:2.2.26-57.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.26-57.ep6.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.ppc64"
},
"product_reference": "httpd-manual-0:2.2.26-57.ep6.el6.ppc64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.x86_64"
},
"product_reference": "httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.i386"
},
"product_reference": "httpd-tools-0:2.2.26-57.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.26-57.ep6.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.ppc64"
},
"product_reference": "httpd-tools-0:2.2.26-57.ep6.el6.ppc64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.x86_64"
},
"product_reference": "httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386"
},
"product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64"
},
"product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src"
},
"product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64"
},
"product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386"
},
"product_reference": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64"
},
"product_reference": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64"
},
"product_reference": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.i386"
},
"product_reference": "mod_ldap-0:2.2.26-57.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.2.26-57.ep6.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.ppc64"
},
"product_reference": "mod_ldap-0:2.2.26-57.ep6.el6.ppc64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.x86_64"
},
"product_reference": "mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.i386"
},
"product_reference": "mod_ssl-1:2.2.26-57.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.26-57.ep6.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.ppc64"
},
"product_reference": "mod_ssl-1:2.2.26-57.ep6.el6.ppc64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.x86_64"
},
"product_reference": "mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-0:2.2.26-58.ep6.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.ppc64"
},
"product_reference": "httpd22-0:2.2.26-58.ep6.el7.ppc64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-0:2.2.26-58.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.src"
},
"product_reference": "httpd22-0:2.2.26-58.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.x86_64"
},
"product_reference": "httpd22-0:2.2.26-58.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64"
},
"product_reference": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64"
},
"product_reference": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-devel-0:2.2.26-58.ep6.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.ppc64"
},
"product_reference": "httpd22-devel-0:2.2.26-58.ep6.el7.ppc64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-devel-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64"
},
"product_reference": "httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-manual-0:2.2.26-58.ep6.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.ppc64"
},
"product_reference": "httpd22-manual-0:2.2.26-58.ep6.el7.ppc64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-manual-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64"
},
"product_reference": "httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-tools-0:2.2.26-58.ep6.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.ppc64"
},
"product_reference": "httpd22-tools-0:2.2.26-58.ep6.el7.ppc64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-tools-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64"
},
"product_reference": "httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64"
},
"product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src"
},
"product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64"
},
"product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64"
},
"product_reference": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64"
},
"product_reference": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap22-0:2.2.26-58.ep6.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.ppc64"
},
"product_reference": "mod_ldap22-0:2.2.26-58.ep6.el7.ppc64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap22-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64"
},
"product_reference": "mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl22-1:2.2.26-58.ep6.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.ppc64"
},
"product_reference": "mod_ssl22-1:2.2.26-58.ep6.el7.ppc64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl22-1:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64"
},
"product_reference": "mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-6.4"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"OpenVPN"
]
},
{
"names": [
"Karthikeyan Bhargavan",
"Ga\u00ebtan Leurent"
],
"organization": "Inria",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-2183",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2016-08-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1369383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenSSL security update RHSA-2016:1940 mitigates this issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.\n\nNSS addressed this issue by implementing limits on the amount of plain text which can be encrypted by using the same key. Once the limit is reached, the keys will need to be re-negotiated manually. This change will be available in nss-3.27.\n\nGnuTLS is not affected by this issue, since it prioritizes AES before 3DES in the cipher list.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2183"
},
{
"category": "external",
"summary": "RHBZ#1369383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/2548661",
"url": "https://access.redhat.com/articles/2548661"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2016:1940",
"url": "https://access.redhat.com/errata/RHSA-2016:1940"
},
{
"category": "external",
"summary": "https://sweet32.info/",
"url": "https://sweet32.info/"
}
],
"release_date": "2016-08-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-16T19:27:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. The JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3240"
},
{
"category": "workaround",
"details": "1.SSL/TLS configurations should prefer AES over DES. Versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7 already do so. In the version of OpenSSL shipped with Red Hat Enterprise Linux 5, 3DES is listed below the AES-256 cipher and above the AES-128 cipher, therefore AES-256 based ciphersuite should not be disabled on the server.\n2. Servers using OpenSSL, should not disable AES-128 and AES-256 ciphersuites. Versions of Apache shipped with Red Hat Enterprise Linux use the default cipher string, in which AES is preferred over DES/3DES based ciphersuites.\n\nFor JBoss Middleware, and Java mitigations, please review this knowledge base article:\n\nhttps://access.redhat.com/articles/2598471\n\nThis can be mitigated on OpenShift Container Platform (OCP) by disabling the vulnerable TLS cipher suite in the applicable component. TLS configuration options for OCP are described here:\n\nhttps://access.redhat.com/articles/5348961",
"product_ids": [
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)"
},
{
"cve": "CVE-2017-9788",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"discovery_date": "2017-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1470748"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Uninitialized memory reflection in mod_auth_digest",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9788"
},
{
"category": "external",
"summary": "RHBZ#1470748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9788",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9788"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27"
}
],
"release_date": "2017-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-16T19:27:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. The JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3240"
},
{
"category": "workaround",
"details": "If you do not use digest authentication, do not load the \"auth_digest_module\".\n\nFor example, on RHEL 7, this can be done by commenting out or removing the\n\"LoadModule auth_digest_module modules/mod_auth_digest.so\"\nline within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service.\n\nYou can then use the \"httpd -t -D DUMP_MODULES\" command to verify that the module is no longer loaded.",
"product_ids": [
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "httpd: Uninitialized memory reflection in mod_auth_digest"
},
{
"acknowledgments": [
{
"names": [
"Hanno B\u00f6ck"
]
}
],
"cve": "CVE-2017-9798",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2017-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1490344"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of httpd24-httpd as shipped with Red Hat Software Collections. Product Security has rated this issue as having Moderate security impact.\n\nIn order to be vulnerable, .htaccess files need to contain an invalid or not globally registered HTTP method in a \"Limit\" directive.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9798"
},
{
"category": "external",
"summary": "RHBZ#1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9798",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798"
},
{
"category": "external",
"summary": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
}
],
"release_date": "2017-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-16T19:27:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. The JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3240"
},
{
"category": "workaround",
"details": "This issue can be mitigated by configuring httpd to disallow the use of the \"Limit\" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the \"AllowOverride\" directive. Refer to Red Hat Bugzilla bug 1490344 for further details:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18",
"product_ids": [
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64",
"6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.ppc64",
"6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64",
"7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.ppc64",
"7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)"
}
]
}
rhsa-2017:3475
Vulnerability from csaf_redhat
Published
2017-12-15 22:23
Modified
2025-08-03 17:31
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update
Notes
Topic
An update is now available for Red Hat JBoss Core Services.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as a replacement of Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes (including fixes from previous Service Pack 1 and 2), which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613)
* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)
* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)
* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)
* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)
Red Hat would like to thank Hanno Böck for reporting CVE-2017-9798.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Core Services.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as a replacement of Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes (including fixes from previous Service Pack 1 and 2), which are documented in the Release Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613)\n\n* It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user permitted to modify httpd\u0027s MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting CVE-2017-9798.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:3475",
"url": "https://access.redhat.com/errata/RHSA-2017:3475"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp\u0026downloadType=securityPatches\u0026version=2.4.23",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp\u0026downloadType=securityPatches\u0026version=2.4.23"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/"
},
{
"category": "external",
"summary": "1463194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194"
},
{
"category": "external",
"summary": "1463197",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197"
},
{
"category": "external",
"summary": "1463207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207"
},
{
"category": "external",
"summary": "1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "external",
"summary": "JBCS-404",
"url": "https://issues.redhat.com/browse/JBCS-404"
},
{
"category": "external",
"summary": "1506523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506523"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3475.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update",
"tracking": {
"current_release_date": "2025-08-03T17:31:06+00:00",
"generator": {
"date": "2025-08-03T17:31:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2017:3475",
"initial_release_date": "2017-12-15T22:23:06+00:00",
"revision_history": [
{
"date": "2017-12-15T22:23:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-12-15T22:23:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-03T17:31:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Text-Only JBCS",
"product": {
"name": "Text-Only JBCS",
"product_id": "Text-Only JBCS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-3167",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2017-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1463194"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: ap_get_basic_auth_pw() authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3167"
},
{
"category": "external",
"summary": "RHBZ#1463194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3167",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3167"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2017-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-12-15T22:23:06+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically.",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3475"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: ap_get_basic_auth_pw() authentication bypass"
},
{
"cve": "CVE-2017-3169",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2017-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1463197"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_ssl NULL pointer dereference",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3169"
},
{
"category": "external",
"summary": "RHBZ#1463197",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3169",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3169"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2017-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-12-15T22:23:06+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically.",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3475"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_ssl NULL pointer dereference"
},
{
"cve": "CVE-2017-7679",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2017-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1463207"
}
],
"notes": [
{
"category": "description",
"text": "A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user permitted to modify httpd\u0027s MIME configuration could use this flaw to cause httpd child process to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_mime buffer overread",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7679"
},
{
"category": "external",
"summary": "RHBZ#1463207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7679",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7679"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2017-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-12-15T22:23:06+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically.",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3475"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_mime buffer overread"
},
{
"acknowledgments": [
{
"names": [
"Hanno B\u00f6ck"
]
}
],
"cve": "CVE-2017-9798",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2017-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1490344"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of httpd24-httpd as shipped with Red Hat Software Collections. Product Security has rated this issue as having Moderate security impact.\n\nIn order to be vulnerable, .htaccess files need to contain an invalid or not globally registered HTTP method in a \"Limit\" directive.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9798"
},
{
"category": "external",
"summary": "RHBZ#1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9798",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798"
},
{
"category": "external",
"summary": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
}
],
"release_date": "2017-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-12-15T22:23:06+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically.",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3475"
},
{
"category": "workaround",
"details": "This issue can be mitigated by configuring httpd to disallow the use of the \"Limit\" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the \"AllowOverride\" directive. Refer to Red Hat Bugzilla bug 1490344 for further details:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18",
"product_ids": [
"Text-Only JBCS"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)"
},
{
"cve": "CVE-2017-12613",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2017-10-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1506523"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr: Out-of-bounds array deref in apr_time_exp*() functions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12613"
},
{
"category": "external",
"summary": "RHBZ#1506523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506523"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12613"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12613",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12613"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/apr/Announcement1.x.html",
"url": "http://www.apache.org/dist/apr/Announcement1.x.html"
}
],
"release_date": "2017-10-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-12-15T22:23:06+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically.",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3475"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "apr: Out-of-bounds array deref in apr_time_exp*() functions"
}
]
}
rhsa-2017:3193
Vulnerability from csaf_redhat
Published
2017-11-13 17:35
Modified
2025-08-03 17:30
Summary
Red Hat Security Advisory: httpd security update
Notes
Topic
An update for httpd is now available for Red Hat Enterprise Linux 7.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)
* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)
* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)
* A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668)
* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)
* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)
Red Hat would like to thank Hanno Böck for reporting CVE-2017-9798.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for httpd is now available for Red Hat Enterprise Linux 7.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd\u0027s ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n* A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user permitted to modify httpd\u0027s MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting CVE-2017-9798.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:3193",
"url": "https://access.redhat.com/errata/RHSA-2017:3193"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1463194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194"
},
{
"category": "external",
"summary": "1463197",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197"
},
{
"category": "external",
"summary": "1463205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463205"
},
{
"category": "external",
"summary": "1463207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207"
},
{
"category": "external",
"summary": "1470748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748"
},
{
"category": "external",
"summary": "1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3193.json"
}
],
"title": "Red Hat Security Advisory: httpd security update",
"tracking": {
"current_release_date": "2025-08-03T17:30:26+00:00",
"generator": {
"date": "2025-08-03T17:30:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2017:3193",
"initial_release_date": "2017-11-13T17:35:40+00:00",
"revision_history": [
{
"date": "2017-11-13T17:35:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-11-13T17:35:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-03T17:30:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:7.2::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product": {
"name": "Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:7.2::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:7.2::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"product": {
"name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"product_id": "httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-40.el7_2.6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.6-40.el7_2.6.x86_64",
"product": {
"name": "mod_session-0:2.4.6-40.el7_2.6.x86_64",
"product_id": "mod_session-0:2.4.6-40.el7_2.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.6-40.el7_2.6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"product": {
"name": "mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"product_id": "mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-40.el7_2.6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"product": {
"name": "mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"product_id": "mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.6-40.el7_2.6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"product": {
"name": "httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"product_id": "httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.6-40.el7_2.6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"product": {
"name": "mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"product_id": "mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.6-40.el7_2.6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"product": {
"name": "httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"product_id": "httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.6-40.el7_2.6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.4.6-40.el7_2.6.x86_64",
"product": {
"name": "httpd-0:2.4.6-40.el7_2.6.x86_64",
"product_id": "httpd-0:2.4.6-40.el7_2.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.6-40.el7_2.6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"product": {
"name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"product_id": "httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-40.el7_2.6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.6-40.el7_2.6.s390x",
"product": {
"name": "mod_session-0:2.4.6-40.el7_2.6.s390x",
"product_id": "mod_session-0:2.4.6-40.el7_2.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.6-40.el7_2.6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"product": {
"name": "mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"product_id": "mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-40.el7_2.6?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"product": {
"name": "mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"product_id": "mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.6-40.el7_2.6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"product": {
"name": "httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"product_id": "httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.6-40.el7_2.6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"product": {
"name": "mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"product_id": "mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.6-40.el7_2.6?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"product": {
"name": "httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"product_id": "httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.6-40.el7_2.6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.4.6-40.el7_2.6.s390x",
"product": {
"name": "httpd-0:2.4.6-40.el7_2.6.s390x",
"product_id": "httpd-0:2.4.6-40.el7_2.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.6-40.el7_2.6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"product": {
"name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"product_id": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-40.el7_2.6?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.6-40.el7_2.6.ppc64",
"product": {
"name": "mod_session-0:2.4.6-40.el7_2.6.ppc64",
"product_id": "mod_session-0:2.4.6-40.el7_2.6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.6-40.el7_2.6?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"product": {
"name": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"product_id": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-40.el7_2.6?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"product": {
"name": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"product_id": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.6-40.el7_2.6?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"product": {
"name": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"product_id": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.6-40.el7_2.6?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"product": {
"name": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"product_id": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.6-40.el7_2.6?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"product": {
"name": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"product_id": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.6-40.el7_2.6?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.4.6-40.el7_2.6.ppc64",
"product": {
"name": "httpd-0:2.4.6-40.el7_2.6.ppc64",
"product_id": "httpd-0:2.4.6-40.el7_2.6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.6-40.el7_2.6?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"product": {
"name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"product_id": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-40.el7_2.6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"product": {
"name": "mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"product_id": "mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.6-40.el7_2.6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"product": {
"name": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"product_id": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-40.el7_2.6?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"product": {
"name": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"product_id": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.6-40.el7_2.6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"product": {
"name": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"product_id": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.6-40.el7_2.6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"product": {
"name": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"product_id": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.6-40.el7_2.6?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"product": {
"name": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"product_id": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.6-40.el7_2.6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.4.6-40.el7_2.6.ppc64le",
"product": {
"name": "httpd-0:2.4.6-40.el7_2.6.ppc64le",
"product_id": "httpd-0:2.4.6-40.el7_2.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.6-40.el7_2.6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.4.6-40.el7_2.6.src",
"product": {
"name": "httpd-0:2.4.6-40.el7_2.6.src",
"product_id": "httpd-0:2.4.6-40.el7_2.6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.6-40.el7_2.6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"product": {
"name": "httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"product_id": "httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.4.6-40.el7_2.6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64"
},
"product_reference": "httpd-0:2.4.6-40.el7_2.6.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le"
},
"product_reference": "httpd-0:2.4.6-40.el7_2.6.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x"
},
"product_reference": "httpd-0:2.4.6-40.el7_2.6.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-40.el7_2.6.src as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src"
},
"product_reference": "httpd-0:2.4.6-40.el7_2.6.src",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64"
},
"product_reference": "httpd-0:2.4.6-40.el7_2.6.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le"
},
"product_reference": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x"
},
"product_reference": "httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64"
},
"product_reference": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le"
},
"product_reference": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x"
},
"product_reference": "httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64"
},
"product_reference": "httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.4.6-40.el7_2.6.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch"
},
"product_reference": "httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64"
},
"product_reference": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le"
},
"product_reference": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x"
},
"product_reference": "httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64"
},
"product_reference": "httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64"
},
"product_reference": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le"
},
"product_reference": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x"
},
"product_reference": "mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64"
},
"product_reference": "mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64"
},
"product_reference": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le"
},
"product_reference": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x"
},
"product_reference": "mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64"
},
"product_reference": "mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64"
},
"product_reference": "mod_session-0:2.4.6-40.el7_2.6.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le"
},
"product_reference": "mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x"
},
"product_reference": "mod_session-0:2.4.6-40.el7_2.6.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64"
},
"product_reference": "mod_session-0:2.4.6-40.el7_2.6.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64"
},
"product_reference": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le"
},
"product_reference": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x"
},
"product_reference": "mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)",
"product_id": "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64"
},
"product_reference": "mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64"
},
"product_reference": "httpd-0:2.4.6-40.el7_2.6.ppc64",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le"
},
"product_reference": "httpd-0:2.4.6-40.el7_2.6.ppc64le",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x"
},
"product_reference": "httpd-0:2.4.6-40.el7_2.6.s390x",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-40.el7_2.6.src as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src"
},
"product_reference": "httpd-0:2.4.6-40.el7_2.6.src",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64"
},
"product_reference": "httpd-0:2.4.6-40.el7_2.6.x86_64",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le"
},
"product_reference": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x"
},
"product_reference": "httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64"
},
"product_reference": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le"
},
"product_reference": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x"
},
"product_reference": "httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64"
},
"product_reference": "httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.4.6-40.el7_2.6.noarch as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch"
},
"product_reference": "httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64"
},
"product_reference": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le"
},
"product_reference": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x"
},
"product_reference": "httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64"
},
"product_reference": "httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64"
},
"product_reference": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le"
},
"product_reference": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x"
},
"product_reference": "mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64"
},
"product_reference": "mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64"
},
"product_reference": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le"
},
"product_reference": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x"
},
"product_reference": "mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64"
},
"product_reference": "mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64"
},
"product_reference": "mod_session-0:2.4.6-40.el7_2.6.ppc64",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le"
},
"product_reference": "mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x"
},
"product_reference": "mod_session-0:2.4.6-40.el7_2.6.s390x",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64"
},
"product_reference": "mod_session-0:2.4.6-40.el7_2.6.x86_64",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64"
},
"product_reference": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le"
},
"product_reference": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x"
},
"product_reference": "mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64"
},
"product_reference": "mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"relates_to_product_reference": "7Server-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64"
},
"product_reference": "httpd-0:2.4.6-40.el7_2.6.ppc64",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le"
},
"product_reference": "httpd-0:2.4.6-40.el7_2.6.ppc64le",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x"
},
"product_reference": "httpd-0:2.4.6-40.el7_2.6.s390x",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-40.el7_2.6.src as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src"
},
"product_reference": "httpd-0:2.4.6-40.el7_2.6.src",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64"
},
"product_reference": "httpd-0:2.4.6-40.el7_2.6.x86_64",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le"
},
"product_reference": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x"
},
"product_reference": "httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64"
},
"product_reference": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le"
},
"product_reference": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x"
},
"product_reference": "httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64"
},
"product_reference": "httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.4.6-40.el7_2.6.noarch as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch"
},
"product_reference": "httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64"
},
"product_reference": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le"
},
"product_reference": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x"
},
"product_reference": "httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64"
},
"product_reference": "httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64"
},
"product_reference": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le"
},
"product_reference": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x"
},
"product_reference": "mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64"
},
"product_reference": "mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64"
},
"product_reference": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le"
},
"product_reference": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x"
},
"product_reference": "mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64"
},
"product_reference": "mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64"
},
"product_reference": "mod_session-0:2.4.6-40.el7_2.6.ppc64",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le"
},
"product_reference": "mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x"
},
"product_reference": "mod_session-0:2.4.6-40.el7_2.6.s390x",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64"
},
"product_reference": "mod_session-0:2.4.6-40.el7_2.6.x86_64",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64"
},
"product_reference": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le"
},
"product_reference": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x"
},
"product_reference": "mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)",
"product_id": "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64"
},
"product_reference": "mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"relates_to_product_reference": "7Server-optional-7.2.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-3167",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2017-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1463194"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: ap_get_basic_auth_pw() authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3167"
},
{
"category": "external",
"summary": "RHBZ#1463194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3167",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3167"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2017-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-13T17:35:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3193"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: ap_get_basic_auth_pw() authentication bypass"
},
{
"cve": "CVE-2017-3169",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2017-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1463197"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_ssl NULL pointer dereference",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3169"
},
{
"category": "external",
"summary": "RHBZ#1463197",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3169",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3169"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2017-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-13T17:35:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3193"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_ssl NULL pointer dereference"
},
{
"cve": "CVE-2017-7668",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2017-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1463205"
}
],
"notes": [
{
"category": "description",
"text": "A buffer over-read flaw was found in the httpd\u0027s ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: ap_find_token() buffer overread",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7668"
},
{
"category": "external",
"summary": "RHBZ#1463205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463205"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7668",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7668"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7668",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7668"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2017-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-13T17:35:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3193"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: ap_find_token() buffer overread"
},
{
"cve": "CVE-2017-7679",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2017-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1463207"
}
],
"notes": [
{
"category": "description",
"text": "A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user permitted to modify httpd\u0027s MIME configuration could use this flaw to cause httpd child process to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_mime buffer overread",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7679"
},
{
"category": "external",
"summary": "RHBZ#1463207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7679",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7679"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2017-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-13T17:35:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3193"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_mime buffer overread"
},
{
"cve": "CVE-2017-9788",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"discovery_date": "2017-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1470748"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Uninitialized memory reflection in mod_auth_digest",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9788"
},
{
"category": "external",
"summary": "RHBZ#1470748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9788",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9788"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27"
}
],
"release_date": "2017-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-13T17:35:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3193"
},
{
"category": "workaround",
"details": "If you do not use digest authentication, do not load the \"auth_digest_module\".\n\nFor example, on RHEL 7, this can be done by commenting out or removing the\n\"LoadModule auth_digest_module modules/mod_auth_digest.so\"\nline within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service.\n\nYou can then use the \"httpd -t -D DUMP_MODULES\" command to verify that the module is no longer loaded.",
"product_ids": [
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "httpd: Uninitialized memory reflection in mod_auth_digest"
},
{
"acknowledgments": [
{
"names": [
"Hanno B\u00f6ck"
]
}
],
"cve": "CVE-2017-9798",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2017-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1490344"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of httpd24-httpd as shipped with Red Hat Software Collections. Product Security has rated this issue as having Moderate security impact.\n\nIn order to be vulnerable, .htaccess files need to contain an invalid or not globally registered HTTP method in a \"Limit\" directive.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9798"
},
{
"category": "external",
"summary": "RHBZ#1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9798",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798"
},
{
"category": "external",
"summary": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
}
],
"release_date": "2017-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-13T17:35:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3193"
},
{
"category": "workaround",
"details": "This issue can be mitigated by configuring httpd to disallow the use of the \"Limit\" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the \"AllowOverride\" directive. Refer to Red Hat Bugzilla bug 1490344 for further details:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18",
"product_ids": [
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src",
"7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x",
"7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)"
}
]
}
rhsa-2017:3194
Vulnerability from csaf_redhat
Published
2017-11-13 17:36
Modified
2025-08-03 17:30
Summary
Red Hat Security Advisory: httpd security update
Notes
Topic
An update for httpd is now available for Red Hat Enterprise Linux 7.3 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)
* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)
* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)
* A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668)
* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)
* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)
Red Hat would like to thank Hanno Böck for reporting CVE-2017-9798.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for httpd is now available for Red Hat Enterprise Linux 7.3 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd\u0027s ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n* A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user permitted to modify httpd\u0027s MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting CVE-2017-9798.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:3194",
"url": "https://access.redhat.com/errata/RHSA-2017:3194"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1463194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194"
},
{
"category": "external",
"summary": "1463197",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197"
},
{
"category": "external",
"summary": "1463205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463205"
},
{
"category": "external",
"summary": "1463207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207"
},
{
"category": "external",
"summary": "1470748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748"
},
{
"category": "external",
"summary": "1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3194.json"
}
],
"title": "Red Hat Security Advisory: httpd security update",
"tracking": {
"current_release_date": "2025-08-03T17:30:31+00:00",
"generator": {
"date": "2025-08-03T17:30:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2017:3194",
"initial_release_date": "2017-11-13T17:36:28+00:00",
"revision_history": [
{
"date": "2017-11-13T17:36:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-11-13T17:36:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-03T17:30:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:7.3::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product": {
"name": "Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:7.3::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:7.3::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"product": {
"name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"product_id": "httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"product": {
"name": "mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"product_id": "mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"product": {
"name": "mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"product_id": "mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.6-45.el7_3.5.x86_64",
"product": {
"name": "mod_session-0:2.4.6-45.el7_3.5.x86_64",
"product_id": "mod_session-0:2.4.6-45.el7_3.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"product": {
"name": "mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"product_id": "mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"product": {
"name": "httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"product_id": "httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.4.6-45.el7_3.5.x86_64",
"product": {
"name": "httpd-0:2.4.6-45.el7_3.5.x86_64",
"product_id": "httpd-0:2.4.6-45.el7_3.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"product": {
"name": "httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"product_id": "httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"product": {
"name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"product_id": "httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"product": {
"name": "mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"product_id": "mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"product": {
"name": "mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"product_id": "mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.5?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.6-45.el7_3.5.s390x",
"product": {
"name": "mod_session-0:2.4.6-45.el7_3.5.s390x",
"product_id": "mod_session-0:2.4.6-45.el7_3.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"product": {
"name": "mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"product_id": "mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.5?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"product": {
"name": "httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"product_id": "httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.4.6-45.el7_3.5.s390x",
"product": {
"name": "httpd-0:2.4.6-45.el7_3.5.s390x",
"product_id": "httpd-0:2.4.6-45.el7_3.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"product": {
"name": "httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"product_id": "httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.5?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"product": {
"name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"product_id": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.5?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"product": {
"name": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"product_id": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.5?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"product": {
"name": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"product_id": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.5?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.6-45.el7_3.5.ppc64",
"product": {
"name": "mod_session-0:2.4.6-45.el7_3.5.ppc64",
"product_id": "mod_session-0:2.4.6-45.el7_3.5.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.5?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"product": {
"name": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"product_id": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.5?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"product": {
"name": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"product_id": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.5?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.4.6-45.el7_3.5.ppc64",
"product": {
"name": "httpd-0:2.4.6-45.el7_3.5.ppc64",
"product_id": "httpd-0:2.4.6-45.el7_3.5.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.5?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"product": {
"name": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"product_id": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.5?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"product": {
"name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"product_id": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"product": {
"name": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"product_id": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"product": {
"name": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"product_id": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.5?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"product": {
"name": "mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"product_id": "mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"product": {
"name": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"product_id": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.5?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"product": {
"name": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"product_id": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.4.6-45.el7_3.5.ppc64le",
"product": {
"name": "httpd-0:2.4.6-45.el7_3.5.ppc64le",
"product_id": "httpd-0:2.4.6-45.el7_3.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"product": {
"name": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"product_id": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.5?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"product": {
"name": "httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"product_id": "httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.4.6-45.el7_3.5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.4.6-45.el7_3.5.src",
"product": {
"name": "httpd-0:2.4.6-45.el7_3.5.src",
"product_id": "httpd-0:2.4.6-45.el7_3.5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64"
},
"product_reference": "httpd-0:2.4.6-45.el7_3.5.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le"
},
"product_reference": "httpd-0:2.4.6-45.el7_3.5.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x"
},
"product_reference": "httpd-0:2.4.6-45.el7_3.5.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-45.el7_3.5.src as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src"
},
"product_reference": "httpd-0:2.4.6-45.el7_3.5.src",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64"
},
"product_reference": "httpd-0:2.4.6-45.el7_3.5.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le"
},
"product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x"
},
"product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64"
},
"product_reference": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le"
},
"product_reference": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x"
},
"product_reference": "httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64"
},
"product_reference": "httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.4.6-45.el7_3.5.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch"
},
"product_reference": "httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64"
},
"product_reference": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le"
},
"product_reference": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x"
},
"product_reference": "httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64"
},
"product_reference": "httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64"
},
"product_reference": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le"
},
"product_reference": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x"
},
"product_reference": "mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64"
},
"product_reference": "mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64"
},
"product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le"
},
"product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x"
},
"product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64"
},
"product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64"
},
"product_reference": "mod_session-0:2.4.6-45.el7_3.5.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le"
},
"product_reference": "mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x"
},
"product_reference": "mod_session-0:2.4.6-45.el7_3.5.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64"
},
"product_reference": "mod_session-0:2.4.6-45.el7_3.5.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64"
},
"product_reference": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le"
},
"product_reference": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x"
},
"product_reference": "mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)",
"product_id": "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64"
},
"product_reference": "mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64"
},
"product_reference": "httpd-0:2.4.6-45.el7_3.5.ppc64",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le"
},
"product_reference": "httpd-0:2.4.6-45.el7_3.5.ppc64le",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x"
},
"product_reference": "httpd-0:2.4.6-45.el7_3.5.s390x",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-45.el7_3.5.src as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src"
},
"product_reference": "httpd-0:2.4.6-45.el7_3.5.src",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64"
},
"product_reference": "httpd-0:2.4.6-45.el7_3.5.x86_64",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le"
},
"product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x"
},
"product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64"
},
"product_reference": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le"
},
"product_reference": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x"
},
"product_reference": "httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64"
},
"product_reference": "httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.4.6-45.el7_3.5.noarch as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch"
},
"product_reference": "httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64"
},
"product_reference": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le"
},
"product_reference": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x"
},
"product_reference": "httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64"
},
"product_reference": "httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64"
},
"product_reference": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le"
},
"product_reference": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x"
},
"product_reference": "mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64"
},
"product_reference": "mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64"
},
"product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le"
},
"product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x"
},
"product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64"
},
"product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64"
},
"product_reference": "mod_session-0:2.4.6-45.el7_3.5.ppc64",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le"
},
"product_reference": "mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x"
},
"product_reference": "mod_session-0:2.4.6-45.el7_3.5.s390x",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64"
},
"product_reference": "mod_session-0:2.4.6-45.el7_3.5.x86_64",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64"
},
"product_reference": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le"
},
"product_reference": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x"
},
"product_reference": "mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64"
},
"product_reference": "mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"relates_to_product_reference": "7Server-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64"
},
"product_reference": "httpd-0:2.4.6-45.el7_3.5.ppc64",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le"
},
"product_reference": "httpd-0:2.4.6-45.el7_3.5.ppc64le",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x"
},
"product_reference": "httpd-0:2.4.6-45.el7_3.5.s390x",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-45.el7_3.5.src as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src"
},
"product_reference": "httpd-0:2.4.6-45.el7_3.5.src",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64"
},
"product_reference": "httpd-0:2.4.6-45.el7_3.5.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le"
},
"product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x"
},
"product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64"
},
"product_reference": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le"
},
"product_reference": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x"
},
"product_reference": "httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64"
},
"product_reference": "httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.4.6-45.el7_3.5.noarch as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch"
},
"product_reference": "httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64"
},
"product_reference": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le"
},
"product_reference": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x"
},
"product_reference": "httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64"
},
"product_reference": "httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64"
},
"product_reference": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le"
},
"product_reference": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x"
},
"product_reference": "mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64"
},
"product_reference": "mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64"
},
"product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le"
},
"product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x"
},
"product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64"
},
"product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64"
},
"product_reference": "mod_session-0:2.4.6-45.el7_3.5.ppc64",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le"
},
"product_reference": "mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x"
},
"product_reference": "mod_session-0:2.4.6-45.el7_3.5.s390x",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64"
},
"product_reference": "mod_session-0:2.4.6-45.el7_3.5.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64"
},
"product_reference": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le"
},
"product_reference": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x"
},
"product_reference": "mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)",
"product_id": "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64"
},
"product_reference": "mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-3167",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2017-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1463194"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: ap_get_basic_auth_pw() authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3167"
},
{
"category": "external",
"summary": "RHBZ#1463194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3167",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3167"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2017-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-13T17:36:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3194"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: ap_get_basic_auth_pw() authentication bypass"
},
{
"cve": "CVE-2017-3169",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2017-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1463197"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_ssl NULL pointer dereference",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3169"
},
{
"category": "external",
"summary": "RHBZ#1463197",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3169",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3169"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2017-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-13T17:36:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3194"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_ssl NULL pointer dereference"
},
{
"cve": "CVE-2017-7668",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2017-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1463205"
}
],
"notes": [
{
"category": "description",
"text": "A buffer over-read flaw was found in the httpd\u0027s ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: ap_find_token() buffer overread",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7668"
},
{
"category": "external",
"summary": "RHBZ#1463205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463205"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7668",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7668"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7668",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7668"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2017-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-13T17:36:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3194"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: ap_find_token() buffer overread"
},
{
"cve": "CVE-2017-7679",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2017-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1463207"
}
],
"notes": [
{
"category": "description",
"text": "A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user permitted to modify httpd\u0027s MIME configuration could use this flaw to cause httpd child process to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_mime buffer overread",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7679"
},
{
"category": "external",
"summary": "RHBZ#1463207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7679",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7679"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2017-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-13T17:36:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3194"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_mime buffer overread"
},
{
"cve": "CVE-2017-9788",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"discovery_date": "2017-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1470748"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Uninitialized memory reflection in mod_auth_digest",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9788"
},
{
"category": "external",
"summary": "RHBZ#1470748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9788",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9788"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27"
}
],
"release_date": "2017-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-13T17:36:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3194"
},
{
"category": "workaround",
"details": "If you do not use digest authentication, do not load the \"auth_digest_module\".\n\nFor example, on RHEL 7, this can be done by commenting out or removing the\n\"LoadModule auth_digest_module modules/mod_auth_digest.so\"\nline within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service.\n\nYou can then use the \"httpd -t -D DUMP_MODULES\" command to verify that the module is no longer loaded.",
"product_ids": [
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "httpd: Uninitialized memory reflection in mod_auth_digest"
},
{
"acknowledgments": [
{
"names": [
"Hanno B\u00f6ck"
]
}
],
"cve": "CVE-2017-9798",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2017-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1490344"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of httpd24-httpd as shipped with Red Hat Software Collections. Product Security has rated this issue as having Moderate security impact.\n\nIn order to be vulnerable, .htaccess files need to contain an invalid or not globally registered HTTP method in a \"Limit\" directive.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9798"
},
{
"category": "external",
"summary": "RHBZ#1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9798",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798"
},
{
"category": "external",
"summary": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
}
],
"release_date": "2017-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-13T17:36:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3194"
},
{
"category": "workaround",
"details": "This issue can be mitigated by configuring httpd to disallow the use of the \"Limit\" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the \"AllowOverride\" directive. Refer to Red Hat Bugzilla bug 1490344 for further details:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18",
"product_ids": [
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src",
"7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x",
"7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)"
}
]
}
rhsa-2017:3195
Vulnerability from csaf_redhat
Published
2017-11-13 17:35
Modified
2025-08-03 17:30
Summary
Red Hat Security Advisory: httpd security update
Notes
Topic
An update for httpd is now available for Red Hat Enterprise Linux 6.7 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)
* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)
* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)
* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)
* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)
Red Hat would like to thank Hanno Böck for reporting CVE-2017-9798.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for httpd is now available for Red Hat Enterprise Linux 6.7 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user permitted to modify httpd\u0027s MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting CVE-2017-9798.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:3195",
"url": "https://access.redhat.com/errata/RHSA-2017:3195"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1463194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194"
},
{
"category": "external",
"summary": "1463197",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197"
},
{
"category": "external",
"summary": "1463207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207"
},
{
"category": "external",
"summary": "1470748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748"
},
{
"category": "external",
"summary": "1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3195.json"
}
],
"title": "Red Hat Security Advisory: httpd security update",
"tracking": {
"current_release_date": "2025-08-03T17:30:36+00:00",
"generator": {
"date": "2025-08-03T17:30:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2017:3195",
"initial_release_date": "2017-11-13T17:35:58+00:00",
"revision_history": [
{
"date": "2017-11-13T17:35:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-11-13T17:35:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-03T17:30:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:6.7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:6.7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product": {
"name": "Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:6.7::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.2.15-47.el6_7.5.x86_64",
"product": {
"name": "httpd-0:2.2.15-47.el6_7.5.x86_64",
"product_id": "httpd-0:2.2.15-47.el6_7.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.15-47.el6_7.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"product": {
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"product_id": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-47.el6_7.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"product": {
"name": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"product_id": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.15-47.el6_7.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"product": {
"name": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"product_id": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.15-47.el6_7.5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"product": {
"name": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"product_id": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.15-47.el6_7.5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.2.15-47.el6_7.5.src",
"product": {
"name": "httpd-0:2.2.15-47.el6_7.5.src",
"product_id": "httpd-0:2.2.15-47.el6_7.5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.15-47.el6_7.5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"product": {
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"product_id": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-47.el6_7.5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.15-47.el6_7.5.i686",
"product": {
"name": "httpd-devel-0:2.2.15-47.el6_7.5.i686",
"product_id": "httpd-devel-0:2.2.15-47.el6_7.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.15-47.el6_7.5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.2.15-47.el6_7.5.i686",
"product": {
"name": "mod_ssl-1:2.2.15-47.el6_7.5.i686",
"product_id": "mod_ssl-1:2.2.15-47.el6_7.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.15-47.el6_7.5?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.15-47.el6_7.5.i686",
"product": {
"name": "httpd-0:2.2.15-47.el6_7.5.i686",
"product_id": "httpd-0:2.2.15-47.el6_7.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.15-47.el6_7.5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.2.15-47.el6_7.5.i686",
"product": {
"name": "httpd-tools-0:2.2.15-47.el6_7.5.i686",
"product_id": "httpd-tools-0:2.2.15-47.el6_7.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.15-47.el6_7.5?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"product": {
"name": "httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"product_id": "httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.2.15-47.el6_7.5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"product": {
"name": "mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"product_id": "mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.15-47.el6_7.5?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"product": {
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"product_id": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-47.el6_7.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.15-47.el6_7.5.s390x",
"product": {
"name": "httpd-0:2.2.15-47.el6_7.5.s390x",
"product_id": "httpd-0:2.2.15-47.el6_7.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.15-47.el6_7.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"product": {
"name": "httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"product_id": "httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.15-47.el6_7.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"product": {
"name": "httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"product_id": "httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.15-47.el6_7.5?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"product": {
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"product_id": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-47.el6_7.5?arch=s390"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.15-47.el6_7.5.s390",
"product": {
"name": "httpd-devel-0:2.2.15-47.el6_7.5.s390",
"product_id": "httpd-devel-0:2.2.15-47.el6_7.5.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.15-47.el6_7.5?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"product": {
"name": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"product_id": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.15-47.el6_7.5?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"product": {
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"product_id": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-47.el6_7.5?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.15-47.el6_7.5.ppc64",
"product": {
"name": "httpd-0:2.2.15-47.el6_7.5.ppc64",
"product_id": "httpd-0:2.2.15-47.el6_7.5.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.15-47.el6_7.5?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"product": {
"name": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"product_id": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.15-47.el6_7.5?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"product": {
"name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"product_id": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.15-47.el6_7.5?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"product": {
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"product_id": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-47.el6_7.5?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"product": {
"name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"product_id": "httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.15-47.el6_7.5?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686"
},
"product_reference": "httpd-0:2.2.15-47.el6_7.5.i686",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64"
},
"product_reference": "httpd-0:2.2.15-47.el6_7.5.ppc64",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x"
},
"product_reference": "httpd-0:2.2.15-47.el6_7.5.s390x",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-47.el6_7.5.src as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src"
},
"product_reference": "httpd-0:2.2.15-47.el6_7.5.src",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64"
},
"product_reference": "httpd-0:2.2.15-47.el6_7.5.x86_64",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686"
},
"product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc"
},
"product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64"
},
"product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390"
},
"product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x"
},
"product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686"
},
"product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.i686",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc"
},
"product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64"
},
"product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-47.el6_7.5.s390 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390"
},
"product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.s390",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x"
},
"product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64"
},
"product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.15-47.el6_7.5.noarch as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch"
},
"product_reference": "httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686"
},
"product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.i686",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64"
},
"product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x"
},
"product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64"
},
"product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686"
},
"product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.i686",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64"
},
"product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x"
},
"product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)",
"product_id": "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64"
},
"product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"relates_to_product_reference": "6ComputeNode-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686"
},
"product_reference": "httpd-0:2.2.15-47.el6_7.5.i686",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64"
},
"product_reference": "httpd-0:2.2.15-47.el6_7.5.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x"
},
"product_reference": "httpd-0:2.2.15-47.el6_7.5.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-47.el6_7.5.src as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src"
},
"product_reference": "httpd-0:2.2.15-47.el6_7.5.src",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64"
},
"product_reference": "httpd-0:2.2.15-47.el6_7.5.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686"
},
"product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc"
},
"product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64"
},
"product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390"
},
"product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x"
},
"product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686"
},
"product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.i686",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc"
},
"product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64"
},
"product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-47.el6_7.5.s390 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390"
},
"product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.s390",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x"
},
"product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64"
},
"product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.15-47.el6_7.5.noarch as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch"
},
"product_reference": "httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686"
},
"product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.i686",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64"
},
"product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x"
},
"product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64"
},
"product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686"
},
"product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.i686",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64"
},
"product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x"
},
"product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)",
"product_id": "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64"
},
"product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686"
},
"product_reference": "httpd-0:2.2.15-47.el6_7.5.i686",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64"
},
"product_reference": "httpd-0:2.2.15-47.el6_7.5.ppc64",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x"
},
"product_reference": "httpd-0:2.2.15-47.el6_7.5.s390x",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-47.el6_7.5.src as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src"
},
"product_reference": "httpd-0:2.2.15-47.el6_7.5.src",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64"
},
"product_reference": "httpd-0:2.2.15-47.el6_7.5.x86_64",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686"
},
"product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc"
},
"product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64"
},
"product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390"
},
"product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x"
},
"product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686"
},
"product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.i686",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc"
},
"product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64"
},
"product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-47.el6_7.5.s390 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390"
},
"product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.s390",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x"
},
"product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64"
},
"product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.15-47.el6_7.5.noarch as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch"
},
"product_reference": "httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686"
},
"product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.i686",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64"
},
"product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x"
},
"product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64"
},
"product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686"
},
"product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.i686",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64"
},
"product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x"
},
"product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"relates_to_product_reference": "6Server-6.7.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64"
},
"product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"relates_to_product_reference": "6Server-6.7.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-3167",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2017-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1463194"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: ap_get_basic_auth_pw() authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3167"
},
{
"category": "external",
"summary": "RHBZ#1463194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3167",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3167"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2017-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-13T17:35:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3195"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: ap_get_basic_auth_pw() authentication bypass"
},
{
"cve": "CVE-2017-3169",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2017-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1463197"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_ssl NULL pointer dereference",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3169"
},
{
"category": "external",
"summary": "RHBZ#1463197",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3169",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3169"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2017-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-13T17:35:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3195"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_ssl NULL pointer dereference"
},
{
"cve": "CVE-2017-7679",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2017-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1463207"
}
],
"notes": [
{
"category": "description",
"text": "A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user permitted to modify httpd\u0027s MIME configuration could use this flaw to cause httpd child process to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_mime buffer overread",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7679"
},
{
"category": "external",
"summary": "RHBZ#1463207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7679",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7679"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2017-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-13T17:35:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3195"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_mime buffer overread"
},
{
"cve": "CVE-2017-9788",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"discovery_date": "2017-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1470748"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Uninitialized memory reflection in mod_auth_digest",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9788"
},
{
"category": "external",
"summary": "RHBZ#1470748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9788",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9788"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27"
}
],
"release_date": "2017-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-13T17:35:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3195"
},
{
"category": "workaround",
"details": "If you do not use digest authentication, do not load the \"auth_digest_module\".\n\nFor example, on RHEL 7, this can be done by commenting out or removing the\n\"LoadModule auth_digest_module modules/mod_auth_digest.so\"\nline within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service.\n\nYou can then use the \"httpd -t -D DUMP_MODULES\" command to verify that the module is no longer loaded.",
"product_ids": [
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "httpd: Uninitialized memory reflection in mod_auth_digest"
},
{
"acknowledgments": [
{
"names": [
"Hanno B\u00f6ck"
]
}
],
"cve": "CVE-2017-9798",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2017-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1490344"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of httpd24-httpd as shipped with Red Hat Software Collections. Product Security has rated this issue as having Moderate security impact.\n\nIn order to be vulnerable, .htaccess files need to contain an invalid or not globally registered HTTP method in a \"Limit\" directive.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9798"
},
{
"category": "external",
"summary": "RHBZ#1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9798",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798"
},
{
"category": "external",
"summary": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
}
],
"release_date": "2017-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-13T17:35:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3195"
},
{
"category": "workaround",
"details": "This issue can be mitigated by configuring httpd to disallow the use of the \"Limit\" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the \"AllowOverride\" directive. Refer to Red Hat Bugzilla bug 1490344 for further details:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18",
"product_ids": [
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src",
"6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x",
"6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)"
}
]
}
rhsa-2017:2882
Vulnerability from csaf_redhat
Published
2017-10-11 15:58
Modified
2025-08-03 17:30
Summary
Red Hat Security Advisory: httpd security update
Notes
Topic
An update for httpd is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)
Red Hat would like to thank Hanno Böck for reporting this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:2882",
"url": "https://access.redhat.com/errata/RHSA-2017:2882"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2882.json"
}
],
"title": "Red Hat Security Advisory: httpd security update",
"tracking": {
"current_release_date": "2025-08-03T17:30:36+00:00",
"generator": {
"date": "2025-08-03T17:30:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2017:2882",
"initial_release_date": "2017-10-11T15:58:15+00:00",
"revision_history": [
{
"date": "2017-10-11T15:58:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-10-11T15:58:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-03T17:30:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"product": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"product_id": "httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.6-67.el7_4.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.4.6-67.el7_4.5.x86_64",
"product": {
"name": "httpd-0:2.4.6-67.el7_4.5.x86_64",
"product_id": "httpd-0:2.4.6-67.el7_4.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.6-67.el7_4.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"product": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"product_id": "httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-67.el7_4.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"product": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"product_id": "mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.6-67.el7_4.5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"product": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"product_id": "httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.6-67.el7_4.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.6-67.el7_4.5.x86_64",
"product": {
"name": "mod_session-0:2.4.6-67.el7_4.5.x86_64",
"product_id": "mod_session-0:2.4.6-67.el7_4.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.6-67.el7_4.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"product": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"product_id": "mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.6-67.el7_4.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"product": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"product_id": "mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-67.el7_4.5?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.4.6-67.el7_4.5.src",
"product": {
"name": "httpd-0:2.4.6-67.el7_4.5.src",
"product_id": "httpd-0:2.4.6-67.el7_4.5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.6-67.el7_4.5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"product": {
"name": "httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"product_id": "httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.4.6-67.el7_4.5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"product": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"product_id": "httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.6-67.el7_4.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.4.6-67.el7_4.5.s390x",
"product": {
"name": "httpd-0:2.4.6-67.el7_4.5.s390x",
"product_id": "httpd-0:2.4.6-67.el7_4.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.6-67.el7_4.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"product": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"product_id": "httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-67.el7_4.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"product": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"product_id": "mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.6-67.el7_4.5?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"product": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"product_id": "httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.6-67.el7_4.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.6-67.el7_4.5.s390x",
"product": {
"name": "mod_session-0:2.4.6-67.el7_4.5.s390x",
"product_id": "mod_session-0:2.4.6-67.el7_4.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.6-67.el7_4.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"product": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"product_id": "mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.6-67.el7_4.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"product": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"product_id": "mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-67.el7_4.5?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"product": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"product_id": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.6-67.el7_4.5?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.4.6-67.el7_4.5.ppc64",
"product": {
"name": "httpd-0:2.4.6-67.el7_4.5.ppc64",
"product_id": "httpd-0:2.4.6-67.el7_4.5.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.6-67.el7_4.5?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"product": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"product_id": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-67.el7_4.5?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"product": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"product_id": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.6-67.el7_4.5?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"product": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"product_id": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.6-67.el7_4.5?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.6-67.el7_4.5.ppc64",
"product": {
"name": "mod_session-0:2.4.6-67.el7_4.5.ppc64",
"product_id": "mod_session-0:2.4.6-67.el7_4.5.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.6-67.el7_4.5?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"product": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"product_id": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.6-67.el7_4.5?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"product": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"product_id": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-67.el7_4.5?arch=ppc64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"product": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"product_id": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.6-67.el7_4.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.4.6-67.el7_4.5.ppc64le",
"product": {
"name": "httpd-0:2.4.6-67.el7_4.5.ppc64le",
"product_id": "httpd-0:2.4.6-67.el7_4.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.6-67.el7_4.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"product": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"product_id": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-67.el7_4.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"product": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"product_id": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.6-67.el7_4.5?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"product": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"product_id": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.6-67.el7_4.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"product": {
"name": "mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"product_id": "mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.6-67.el7_4.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"product": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"product_id": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.6-67.el7_4.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"product": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"product_id": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-67.el7_4.5?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"product": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"product_id": "mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.6-67.el7_4.5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"product": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"product_id": "mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-67.el7_4.5?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"product": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"product_id": "httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-67.el7_4.5?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.src",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.4.6-67.el7_4.5.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch"
},
"product_reference": "httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "mod_session-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "mod_session-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "mod_session-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.src",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.4.6-67.el7_4.5.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch"
},
"product_reference": "httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "mod_session-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "mod_session-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "mod_session-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.src",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.4.6-67.el7_4.5.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch"
},
"product_reference": "httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "mod_session-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "mod_session-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "mod_session-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.src",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.4.6-67.el7_4.5.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch"
},
"product_reference": "httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "mod_session-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "mod_session-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "mod_session-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.src",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.4.6-67.el7_4.5.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch"
},
"product_reference": "httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "mod_session-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "mod_session-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "mod_session-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.src",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "httpd-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.4.6-67.el7_4.5.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch"
},
"product_reference": "httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "mod_session-0:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "mod_session-0:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "mod_session-0:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64"
},
"product_reference": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le"
},
"product_reference": "mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x"
},
"product_reference": "mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.6-67.el7_4.5.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64"
},
"product_reference": "mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Hanno B\u00f6ck"
]
}
],
"cve": "CVE-2017-9798",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2017-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1490344"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of httpd24-httpd as shipped with Red Hat Software Collections. Product Security has rated this issue as having Moderate security impact.\n\nIn order to be vulnerable, .htaccess files need to contain an invalid or not globally registered HTTP method in a \"Limit\" directive.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src",
"7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src",
"7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src",
"7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src",
"7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src",
"7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src",
"7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9798"
},
{
"category": "external",
"summary": "RHBZ#1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9798",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798"
},
{
"category": "external",
"summary": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
}
],
"release_date": "2017-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-11T15:58:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src",
"7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src",
"7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src",
"7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src",
"7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src",
"7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src",
"7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2882"
},
{
"category": "workaround",
"details": "This issue can be mitigated by configuring httpd to disallow the use of the \"Limit\" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the \"AllowOverride\" directive. Refer to Red Hat Bugzilla bug 1490344 for further details:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18",
"product_ids": [
"7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src",
"7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src",
"7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src",
"7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src",
"7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src",
"7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src",
"7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src",
"7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64",
"7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src",
"7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64",
"7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src",
"7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64",
"7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src",
"7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64",
"7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src",
"7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.src",
"7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.aarch64",
"7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.5.noarch",
"7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.aarch64",
"7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.aarch64",
"7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.5.x86_64",
"7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64",
"7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.ppc64le",
"7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.s390x",
"7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)"
}
]
}
rhsa-2017:3239
Vulnerability from csaf_redhat
Published
2017-11-16 19:10
Modified
2025-08-16 00:56
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.18 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
[Updated 21st November 2017]
Previously, this erratum was marked as a replacement of the JBoss Enterprise Application Platform 6.4.16 Natives. This was incorrect; the erratum is an update, not a replacement. The erratum text has been modified to reflect this.
Details
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.
This release provides an update to httpd and OpenSSL. The updates are documented in the Release Notes document linked to in the References.
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
This release of JBoss Enterprise Application Platform 6.4.18 Natives serves as an update to the JBoss Enterprise Application Platform 6.4.16 Natives and includes bug fixes which are documented in the Release Notes document linked to in the References.
All users of Red Hat JBoss Enterprise Application Platform 6.4 Natives are advised to upgrade to these updated packages.
Security Fix(es):
* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)
* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)
* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)
Red Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno Böck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Gaëtan Leurent (Inria) as the original reporters of CVE-2016-2183.
Bug Fix(es):
* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1508880)
* mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1508884)
* Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1508885)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 21st November 2017]\nPreviously, this erratum was marked as a replacement of the JBoss Enterprise Application Platform 6.4.16 Natives. This was incorrect; the erratum is an update, not a replacement. The erratum text has been modified to reflect this.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release provides an update to httpd and OpenSSL. The updates are documented in the Release Notes document linked to in the References.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nThis release of JBoss Enterprise Application Platform 6.4.18 Natives serves as an update to the JBoss Enterprise Application Platform 6.4.16 Natives and includes bug fixes which are documented in the Release Notes document linked to in the References.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.4 Natives are advised to upgrade to these updated packages.\n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno B\u00f6ck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Ga\u00ebtan Leurent (Inria) as the original reporters of CVE-2016-2183.\n\nBug Fix(es):\n\n* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1508880)\n\n* mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1508884)\n\n* Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1508885)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:3239",
"url": "https://access.redhat.com/errata/RHSA-2017:3239"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/",
"url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=6.4",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=6.4"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/3229231",
"url": "https://access.redhat.com/articles/3229231"
},
{
"category": "external",
"summary": "1369383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"category": "external",
"summary": "1470748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748"
},
{
"category": "external",
"summary": "1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "external",
"summary": "1508880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508880"
},
{
"category": "external",
"summary": "1508884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508884"
},
{
"category": "external",
"summary": "1508885",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508885"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3239.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.18 security update",
"tracking": {
"current_release_date": "2025-08-16T00:56:30+00:00",
"generator": {
"date": "2025-08-16T00:56:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2017:3239",
"initial_release_date": "2017-11-16T19:10:21+00:00",
"revision_history": [
{
"date": "2017-11-16T19:10:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-11-21T18:05:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-16T00:56:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 6.4",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 6.4",
"product_id": "Red Hat JBoss Enterprise Application Platform 6.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-3560",
"discovery_date": "2009-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "533174"
}
],
"notes": [
{
"category": "description",
"text": "The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 6.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3560"
},
{
"category": "external",
"summary": "RHBZ#533174",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=533174"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3560",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3560"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3560",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3560"
}
],
"release_date": "2009-12-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-16T19:10:21+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 6.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3239"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 6.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences"
},
{
"cve": "CVE-2009-3720",
"discovery_date": "2009-08-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "531697"
}
],
"notes": [
{
"category": "description",
"text": "The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: buffer over-read and crash on XML with malformed UTF-8 sequences",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 6.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3720"
},
{
"category": "external",
"summary": "RHBZ#531697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=531697"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3720",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3720"
}
],
"release_date": "2009-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-16T19:10:21+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 6.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3239"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 6.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: buffer over-read and crash on XML with malformed UTF-8 sequences"
},
{
"cve": "CVE-2012-0876",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2012-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "786617"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: hash table collisions CPU usage DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 6.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-0876"
},
{
"category": "external",
"summary": "RHBZ#786617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=786617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-0876",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0876"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0876",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0876"
}
],
"release_date": "2012-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-16T19:10:21+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 6.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3239"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 6.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: hash table collisions CPU usage DoS"
},
{
"acknowledgments": [
{
"names": [
"OpenVPN"
]
},
{
"names": [
"Karthikeyan Bhargavan",
"Ga\u00ebtan Leurent"
],
"organization": "Inria",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-2183",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2016-08-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1369383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenSSL security update RHSA-2016:1940 mitigates this issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.\n\nNSS addressed this issue by implementing limits on the amount of plain text which can be encrypted by using the same key. Once the limit is reached, the keys will need to be re-negotiated manually. This change will be available in nss-3.27.\n\nGnuTLS is not affected by this issue, since it prioritizes AES before 3DES in the cipher list.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 6.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2183"
},
{
"category": "external",
"summary": "RHBZ#1369383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/2548661",
"url": "https://access.redhat.com/articles/2548661"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2016:1940",
"url": "https://access.redhat.com/errata/RHSA-2016:1940"
},
{
"category": "external",
"summary": "https://sweet32.info/",
"url": "https://sweet32.info/"
}
],
"release_date": "2016-08-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-16T19:10:21+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 6.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3239"
},
{
"category": "workaround",
"details": "1.SSL/TLS configurations should prefer AES over DES. Versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7 already do so. In the version of OpenSSL shipped with Red Hat Enterprise Linux 5, 3DES is listed below the AES-256 cipher and above the AES-128 cipher, therefore AES-256 based ciphersuite should not be disabled on the server.\n2. Servers using OpenSSL, should not disable AES-128 and AES-256 ciphersuites. Versions of Apache shipped with Red Hat Enterprise Linux use the default cipher string, in which AES is preferred over DES/3DES based ciphersuites.\n\nFor JBoss Middleware, and Java mitigations, please review this knowledge base article:\n\nhttps://access.redhat.com/articles/2598471\n\nThis can be mitigated on OpenShift Container Platform (OCP) by disabling the vulnerable TLS cipher suite in the applicable component. TLS configuration options for OCP are described here:\n\nhttps://access.redhat.com/articles/5348961",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 6.4"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 6.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)"
},
{
"cve": "CVE-2017-9788",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"discovery_date": "2017-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1470748"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Uninitialized memory reflection in mod_auth_digest",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 6.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9788"
},
{
"category": "external",
"summary": "RHBZ#1470748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9788",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9788"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27"
}
],
"release_date": "2017-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-16T19:10:21+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 6.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3239"
},
{
"category": "workaround",
"details": "If you do not use digest authentication, do not load the \"auth_digest_module\".\n\nFor example, on RHEL 7, this can be done by commenting out or removing the\n\"LoadModule auth_digest_module modules/mod_auth_digest.so\"\nline within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service.\n\nYou can then use the \"httpd -t -D DUMP_MODULES\" command to verify that the module is no longer loaded.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 6.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 6.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "httpd: Uninitialized memory reflection in mod_auth_digest"
},
{
"acknowledgments": [
{
"names": [
"Hanno B\u00f6ck"
]
}
],
"cve": "CVE-2017-9798",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2017-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1490344"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of httpd24-httpd as shipped with Red Hat Software Collections. Product Security has rated this issue as having Moderate security impact.\n\nIn order to be vulnerable, .htaccess files need to contain an invalid or not globally registered HTTP method in a \"Limit\" directive.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 6.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9798"
},
{
"category": "external",
"summary": "RHBZ#1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9798",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798"
},
{
"category": "external",
"summary": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
}
],
"release_date": "2017-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-16T19:10:21+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 6.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3239"
},
{
"category": "workaround",
"details": "This issue can be mitigated by configuring httpd to disallow the use of the \"Limit\" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the \"AllowOverride\" directive. Refer to Red Hat Bugzilla bug 1490344 for further details:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 6.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 6.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)"
}
]
}
rhsa-2017:3018
Vulnerability from csaf_redhat
Published
2017-10-24 09:22
Modified
2025-08-03 17:29
Summary
Red Hat Security Advisory: httpd24 security, bug fix, and enhancement update
Notes
Topic
An update for httpd24, httpd24-curl, httpd24-httpd, httpd24-mod_auth_kerb, and httpd24-nghttp2 is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module.
The following packages have been upgraded to a later upstream version: httpd24-httpd (2.4.27). (BZ#1461819)
Security Fix(es):
* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)
Red Hat would like to thank Hanno Böck for reporting this issue.
Bug Fix(es):
* The httpd package installation script tried to create both the "apache" user and group in a single "useradd" command. Consequently, when the "apache" group had already been created on the system, the command failed, and the "apache" user was not created. To fix this bug, the "apache" group is now created by a separate command, and the "apache" user is correctly created during httpd installation even when the "apache" group exists. (BZ#1486843)
* When installing the httpd24 Software Collection using the "yum" command, if the "apache" group already existed on the system with GID other than 48, the "apache" user was not created. This update fixes the bug. (BZ#1487164)
* With this update, it is possible to run the mod_rewrite external mapping program as a non-root user. (BZ#1486832)
* On a Red Hat Enterprise Linux 6 system, when the httpd service was stopped twice in a row by running the "service httpd stop" command, a misleading message was returned: "Stopping httpd: [FAILED]". This bug has been fixed. (BZ#1418395)
* When the "service httpd24-httpd graceful" command was used on Red Hat Enterprise Linux 7 while the httpd24-httpd service was not running, the daemon was started without being tracked by systemd. As a consequence, the daemon ran in an incorrect SELinux domain. This bug has been fixed, and the httpd daemon runs in the correct SELinux domain in the described scenario. (BZ#1440858)
Enhancement(s):
* With this update, the mod_ssl module supports the ALPN protocol on Red Hat Enterprise Linux 7.4 and later versions. (BZ#1327548)
For further details, see the Red Hat Software Collections 3.0 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for httpd24, httpd24-curl, httpd24-httpd, httpd24-mod_auth_kerb, and httpd24-nghttp2 is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module.\n\nThe following packages have been upgraded to a later upstream version: httpd24-httpd (2.4.27). (BZ#1461819)\n\nSecurity Fix(es):\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting this issue.\n\nBug Fix(es):\n\n* The httpd package installation script tried to create both the \"apache\" user and group in a single \"useradd\" command. Consequently, when the \"apache\" group had already been created on the system, the command failed, and the \"apache\" user was not created. To fix this bug, the \"apache\" group is now created by a separate command, and the \"apache\" user is correctly created during httpd installation even when the \"apache\" group exists. (BZ#1486843)\n\n* When installing the httpd24 Software Collection using the \"yum\" command, if the \"apache\" group already existed on the system with GID other than 48, the \"apache\" user was not created. This update fixes the bug. (BZ#1487164)\n\n* With this update, it is possible to run the mod_rewrite external mapping program as a non-root user. (BZ#1486832)\n\n* On a Red Hat Enterprise Linux 6 system, when the httpd service was stopped twice in a row by running the \"service httpd stop\" command, a misleading message was returned: \"Stopping httpd: [FAILED]\". This bug has been fixed. (BZ#1418395)\n\n* When the \"service httpd24-httpd graceful\" command was used on Red Hat Enterprise Linux 7 while the httpd24-httpd service was not running, the daemon was started without being tracked by systemd. As a consequence, the daemon ran in an incorrect SELinux domain. This bug has been fixed, and the httpd daemon runs in the correct SELinux domain in the described scenario. (BZ#1440858)\n\nEnhancement(s):\n\n* With this update, the mod_ssl module supports the ALPN protocol on Red Hat Enterprise Linux 7.4 and later versions. (BZ#1327548)\n\nFor further details, see the Red Hat Software Collections 3.0 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:3018",
"url": "https://access.redhat.com/errata/RHSA-2017:3018"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-US/Red_Hat_Software_Collections/3/html/3.0_Release_Notes/chap-RHSCL.html#sect-RHSCL-Changes-httpd",
"url": "https://access.redhat.com/documentation/en-US/Red_Hat_Software_Collections/3/html/3.0_Release_Notes/chap-RHSCL.html#sect-RHSCL-Changes-httpd"
},
{
"category": "external",
"summary": "1327548",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327548"
},
{
"category": "external",
"summary": "1418395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418395"
},
{
"category": "external",
"summary": "1428940",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1428940"
},
{
"category": "external",
"summary": "1440858",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1440858"
},
{
"category": "external",
"summary": "1457316",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1457316"
},
{
"category": "external",
"summary": "1480506",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480506"
},
{
"category": "external",
"summary": "1486843",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486843"
},
{
"category": "external",
"summary": "1487164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487164"
},
{
"category": "external",
"summary": "1488541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488541"
},
{
"category": "external",
"summary": "1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3018.json"
}
],
"title": "Red Hat Security Advisory: httpd24 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-08-03T17:29:51+00:00",
"generator": {
"date": "2025-08-03T17:29:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2017:3018",
"initial_release_date": "2017-10-24T09:22:23+00:00",
"revision_history": [
{
"date": "2017-10-24T09:22:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-10-24T09:22:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-03T17:29:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64",
"product": {
"name": "httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64",
"product_id": "httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-libcurl-devel@7.47.1-4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-curl-0:7.47.1-4.el7.x86_64",
"product": {
"name": "httpd24-curl-0:7.47.1-4.el7.x86_64",
"product_id": "httpd24-curl-0:7.47.1-4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-curl@7.47.1-4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64",
"product": {
"name": "httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64",
"product_id": "httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-curl-debuginfo@7.47.1-4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-libcurl-0:7.47.1-4.el7.x86_64",
"product": {
"name": "httpd24-libcurl-0:7.47.1-4.el7.x86_64",
"product_id": "httpd24-libcurl-0:7.47.1-4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-libcurl@7.47.1-4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64",
"product": {
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64",
"product_id": "httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_auth_kerb@5.4-33.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64",
"product": {
"name": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64",
"product_id": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_auth_kerb-debuginfo@5.4-33.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64",
"product": {
"name": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64",
"product_id": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-libnghttp2-devel@1.7.1-6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64",
"product": {
"name": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64",
"product_id": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-nghttp2-debuginfo@1.7.1-6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-nghttp2-0:1.7.1-6.el7.x86_64",
"product": {
"name": "httpd24-nghttp2-0:1.7.1-6.el7.x86_64",
"product_id": "httpd24-nghttp2-0:1.7.1-6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-nghttp2@1.7.1-6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-libnghttp2-0:1.7.1-6.el7.x86_64",
"product": {
"name": "httpd24-libnghttp2-0:1.7.1-6.el7.x86_64",
"product_id": "httpd24-libnghttp2-0:1.7.1-6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-libnghttp2@1.7.1-6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-runtime-0:1.1-18.el7.x86_64",
"product": {
"name": "httpd24-runtime-0:1.1-18.el7.x86_64",
"product_id": "httpd24-runtime-0:1.1-18.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-runtime@1.1-18.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-0:1.1-18.el7.x86_64",
"product": {
"name": "httpd24-0:1.1-18.el7.x86_64",
"product_id": "httpd24-0:1.1-18.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24@1.1-18.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-scldevel-0:1.1-18.el7.x86_64",
"product": {
"name": "httpd24-scldevel-0:1.1-18.el7.x86_64",
"product_id": "httpd24-scldevel-0:1.1-18.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-scldevel@1.1-18.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-devel-0:2.4.27-8.el7.x86_64",
"product": {
"name": "httpd24-httpd-devel-0:2.4.27-8.el7.x86_64",
"product_id": "httpd24-httpd-devel-0:2.4.27-8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd-devel@2.4.27-8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_ssl-1:2.4.27-8.el7.x86_64",
"product": {
"name": "httpd24-mod_ssl-1:2.4.27-8.el7.x86_64",
"product_id": "httpd24-mod_ssl-1:2.4.27-8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_ssl@2.4.27-8.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-0:2.4.27-8.el7.x86_64",
"product": {
"name": "httpd24-httpd-0:2.4.27-8.el7.x86_64",
"product_id": "httpd24-httpd-0:2.4.27-8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd@2.4.27-8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64",
"product": {
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64",
"product_id": "httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_proxy_html@2.4.27-8.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-tools-0:2.4.27-8.el7.x86_64",
"product": {
"name": "httpd24-httpd-tools-0:2.4.27-8.el7.x86_64",
"product_id": "httpd24-httpd-tools-0:2.4.27-8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd-tools@2.4.27-8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_ldap-0:2.4.27-8.el7.x86_64",
"product": {
"name": "httpd24-mod_ldap-0:2.4.27-8.el7.x86_64",
"product_id": "httpd24-mod_ldap-0:2.4.27-8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_ldap@2.4.27-8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64",
"product": {
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64",
"product_id": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd-debuginfo@2.4.27-8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_session-0:2.4.27-8.el7.x86_64",
"product": {
"name": "httpd24-mod_session-0:2.4.27-8.el7.x86_64",
"product_id": "httpd24-mod_session-0:2.4.27-8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_session@2.4.27-8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-0:1.1-18.el6.x86_64",
"product": {
"name": "httpd24-0:1.1-18.el6.x86_64",
"product_id": "httpd24-0:1.1-18.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24@1.1-18.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-runtime-0:1.1-18.el6.x86_64",
"product": {
"name": "httpd24-runtime-0:1.1-18.el6.x86_64",
"product_id": "httpd24-runtime-0:1.1-18.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-runtime@1.1-18.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-scldevel-0:1.1-18.el6.x86_64",
"product": {
"name": "httpd24-scldevel-0:1.1-18.el6.x86_64",
"product_id": "httpd24-scldevel-0:1.1-18.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-scldevel@1.1-18.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-devel-0:2.4.27-8.el6.x86_64",
"product": {
"name": "httpd24-httpd-devel-0:2.4.27-8.el6.x86_64",
"product_id": "httpd24-httpd-devel-0:2.4.27-8.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd-devel@2.4.27-8.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_ssl-1:2.4.27-8.el6.x86_64",
"product": {
"name": "httpd24-mod_ssl-1:2.4.27-8.el6.x86_64",
"product_id": "httpd24-mod_ssl-1:2.4.27-8.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_ssl@2.4.27-8.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-0:2.4.27-8.el6.x86_64",
"product": {
"name": "httpd24-httpd-0:2.4.27-8.el6.x86_64",
"product_id": "httpd24-httpd-0:2.4.27-8.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd@2.4.27-8.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el6.x86_64",
"product": {
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el6.x86_64",
"product_id": "httpd24-mod_proxy_html-1:2.4.27-8.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_proxy_html@2.4.27-8.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-tools-0:2.4.27-8.el6.x86_64",
"product": {
"name": "httpd24-httpd-tools-0:2.4.27-8.el6.x86_64",
"product_id": "httpd24-httpd-tools-0:2.4.27-8.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd-tools@2.4.27-8.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_ldap-0:2.4.27-8.el6.x86_64",
"product": {
"name": "httpd24-mod_ldap-0:2.4.27-8.el6.x86_64",
"product_id": "httpd24-mod_ldap-0:2.4.27-8.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_ldap@2.4.27-8.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_session-0:2.4.27-8.el6.x86_64",
"product": {
"name": "httpd24-mod_session-0:2.4.27-8.el6.x86_64",
"product_id": "httpd24-mod_session-0:2.4.27-8.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_session@2.4.27-8.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el6.x86_64",
"product": {
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el6.x86_64",
"product_id": "httpd24-httpd-debuginfo-0:2.4.27-8.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd-debuginfo@2.4.27-8.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd24-curl-0:7.47.1-4.el7.src",
"product": {
"name": "httpd24-curl-0:7.47.1-4.el7.src",
"product_id": "httpd24-curl-0:7.47.1-4.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-curl@7.47.1-4.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.src",
"product": {
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.src",
"product_id": "httpd24-mod_auth_kerb-0:5.4-33.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_auth_kerb@5.4-33.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "httpd24-nghttp2-0:1.7.1-6.el7.src",
"product": {
"name": "httpd24-nghttp2-0:1.7.1-6.el7.src",
"product_id": "httpd24-nghttp2-0:1.7.1-6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-nghttp2@1.7.1-6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "httpd24-0:1.1-18.el7.src",
"product": {
"name": "httpd24-0:1.1-18.el7.src",
"product_id": "httpd24-0:1.1-18.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24@1.1-18.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-0:2.4.27-8.el7.src",
"product": {
"name": "httpd24-httpd-0:2.4.27-8.el7.src",
"product_id": "httpd24-httpd-0:2.4.27-8.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd@2.4.27-8.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "httpd24-0:1.1-18.el6.src",
"product": {
"name": "httpd24-0:1.1-18.el6.src",
"product_id": "httpd24-0:1.1-18.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24@1.1-18.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-0:2.4.27-8.el6.src",
"product": {
"name": "httpd24-httpd-0:2.4.27-8.el6.src",
"product_id": "httpd24-httpd-0:2.4.27-8.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd@2.4.27-8.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd24-libcurl-devel-0:7.47.1-4.el7.aarch64",
"product": {
"name": "httpd24-libcurl-devel-0:7.47.1-4.el7.aarch64",
"product_id": "httpd24-libcurl-devel-0:7.47.1-4.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-libcurl-devel@7.47.1-4.el7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd24-curl-0:7.47.1-4.el7.aarch64",
"product": {
"name": "httpd24-curl-0:7.47.1-4.el7.aarch64",
"product_id": "httpd24-curl-0:7.47.1-4.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-curl@7.47.1-4.el7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd24-curl-debuginfo-0:7.47.1-4.el7.aarch64",
"product": {
"name": "httpd24-curl-debuginfo-0:7.47.1-4.el7.aarch64",
"product_id": "httpd24-curl-debuginfo-0:7.47.1-4.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-curl-debuginfo@7.47.1-4.el7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd24-libcurl-0:7.47.1-4.el7.aarch64",
"product": {
"name": "httpd24-libcurl-0:7.47.1-4.el7.aarch64",
"product_id": "httpd24-libcurl-0:7.47.1-4.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-libcurl@7.47.1-4.el7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.aarch64",
"product": {
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.aarch64",
"product_id": "httpd24-mod_auth_kerb-0:5.4-33.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_auth_kerb@5.4-33.el7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.aarch64",
"product": {
"name": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.aarch64",
"product_id": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_auth_kerb-debuginfo@5.4-33.el7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.aarch64",
"product": {
"name": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.aarch64",
"product_id": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-libnghttp2-devel@1.7.1-6.el7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.aarch64",
"product": {
"name": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.aarch64",
"product_id": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-nghttp2-debuginfo@1.7.1-6.el7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd24-nghttp2-0:1.7.1-6.el7.aarch64",
"product": {
"name": "httpd24-nghttp2-0:1.7.1-6.el7.aarch64",
"product_id": "httpd24-nghttp2-0:1.7.1-6.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-nghttp2@1.7.1-6.el7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd24-libnghttp2-0:1.7.1-6.el7.aarch64",
"product": {
"name": "httpd24-libnghttp2-0:1.7.1-6.el7.aarch64",
"product_id": "httpd24-libnghttp2-0:1.7.1-6.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-libnghttp2@1.7.1-6.el7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd24-runtime-0:1.1-18.el7.aarch64",
"product": {
"name": "httpd24-runtime-0:1.1-18.el7.aarch64",
"product_id": "httpd24-runtime-0:1.1-18.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-runtime@1.1-18.el7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd24-0:1.1-18.el7.aarch64",
"product": {
"name": "httpd24-0:1.1-18.el7.aarch64",
"product_id": "httpd24-0:1.1-18.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24@1.1-18.el7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd24-scldevel-0:1.1-18.el7.aarch64",
"product": {
"name": "httpd24-scldevel-0:1.1-18.el7.aarch64",
"product_id": "httpd24-scldevel-0:1.1-18.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-scldevel@1.1-18.el7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-devel-0:2.4.27-8.el7.aarch64",
"product": {
"name": "httpd24-httpd-devel-0:2.4.27-8.el7.aarch64",
"product_id": "httpd24-httpd-devel-0:2.4.27-8.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd-devel@2.4.27-8.el7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_ssl-1:2.4.27-8.el7.aarch64",
"product": {
"name": "httpd24-mod_ssl-1:2.4.27-8.el7.aarch64",
"product_id": "httpd24-mod_ssl-1:2.4.27-8.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_ssl@2.4.27-8.el7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-0:2.4.27-8.el7.aarch64",
"product": {
"name": "httpd24-httpd-0:2.4.27-8.el7.aarch64",
"product_id": "httpd24-httpd-0:2.4.27-8.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd@2.4.27-8.el7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el7.aarch64",
"product": {
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el7.aarch64",
"product_id": "httpd24-mod_proxy_html-1:2.4.27-8.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_proxy_html@2.4.27-8.el7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-tools-0:2.4.27-8.el7.aarch64",
"product": {
"name": "httpd24-httpd-tools-0:2.4.27-8.el7.aarch64",
"product_id": "httpd24-httpd-tools-0:2.4.27-8.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd-tools@2.4.27-8.el7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_ldap-0:2.4.27-8.el7.aarch64",
"product": {
"name": "httpd24-mod_ldap-0:2.4.27-8.el7.aarch64",
"product_id": "httpd24-mod_ldap-0:2.4.27-8.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_ldap@2.4.27-8.el7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.aarch64",
"product": {
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.aarch64",
"product_id": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd-debuginfo@2.4.27-8.el7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_session-0:2.4.27-8.el7.aarch64",
"product": {
"name": "httpd24-mod_session-0:2.4.27-8.el7.aarch64",
"product_id": "httpd24-mod_session-0:2.4.27-8.el7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_session@2.4.27-8.el7?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd24-libcurl-devel-0:7.47.1-4.el7.s390x",
"product": {
"name": "httpd24-libcurl-devel-0:7.47.1-4.el7.s390x",
"product_id": "httpd24-libcurl-devel-0:7.47.1-4.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-libcurl-devel@7.47.1-4.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd24-curl-0:7.47.1-4.el7.s390x",
"product": {
"name": "httpd24-curl-0:7.47.1-4.el7.s390x",
"product_id": "httpd24-curl-0:7.47.1-4.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-curl@7.47.1-4.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x",
"product": {
"name": "httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x",
"product_id": "httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-curl-debuginfo@7.47.1-4.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd24-libcurl-0:7.47.1-4.el7.s390x",
"product": {
"name": "httpd24-libcurl-0:7.47.1-4.el7.s390x",
"product_id": "httpd24-libcurl-0:7.47.1-4.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-libcurl@7.47.1-4.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.s390x",
"product": {
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.s390x",
"product_id": "httpd24-mod_auth_kerb-0:5.4-33.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_auth_kerb@5.4-33.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x",
"product": {
"name": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x",
"product_id": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_auth_kerb-debuginfo@5.4-33.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x",
"product": {
"name": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x",
"product_id": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-libnghttp2-devel@1.7.1-6.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x",
"product": {
"name": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x",
"product_id": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-nghttp2-debuginfo@1.7.1-6.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd24-nghttp2-0:1.7.1-6.el7.s390x",
"product": {
"name": "httpd24-nghttp2-0:1.7.1-6.el7.s390x",
"product_id": "httpd24-nghttp2-0:1.7.1-6.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-nghttp2@1.7.1-6.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd24-libnghttp2-0:1.7.1-6.el7.s390x",
"product": {
"name": "httpd24-libnghttp2-0:1.7.1-6.el7.s390x",
"product_id": "httpd24-libnghttp2-0:1.7.1-6.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-libnghttp2@1.7.1-6.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd24-runtime-0:1.1-18.el7.s390x",
"product": {
"name": "httpd24-runtime-0:1.1-18.el7.s390x",
"product_id": "httpd24-runtime-0:1.1-18.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-runtime@1.1-18.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd24-0:1.1-18.el7.s390x",
"product": {
"name": "httpd24-0:1.1-18.el7.s390x",
"product_id": "httpd24-0:1.1-18.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24@1.1-18.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd24-scldevel-0:1.1-18.el7.s390x",
"product": {
"name": "httpd24-scldevel-0:1.1-18.el7.s390x",
"product_id": "httpd24-scldevel-0:1.1-18.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-scldevel@1.1-18.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-devel-0:2.4.27-8.el7.s390x",
"product": {
"name": "httpd24-httpd-devel-0:2.4.27-8.el7.s390x",
"product_id": "httpd24-httpd-devel-0:2.4.27-8.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd-devel@2.4.27-8.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_ssl-1:2.4.27-8.el7.s390x",
"product": {
"name": "httpd24-mod_ssl-1:2.4.27-8.el7.s390x",
"product_id": "httpd24-mod_ssl-1:2.4.27-8.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_ssl@2.4.27-8.el7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-0:2.4.27-8.el7.s390x",
"product": {
"name": "httpd24-httpd-0:2.4.27-8.el7.s390x",
"product_id": "httpd24-httpd-0:2.4.27-8.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd@2.4.27-8.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x",
"product": {
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x",
"product_id": "httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_proxy_html@2.4.27-8.el7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-tools-0:2.4.27-8.el7.s390x",
"product": {
"name": "httpd24-httpd-tools-0:2.4.27-8.el7.s390x",
"product_id": "httpd24-httpd-tools-0:2.4.27-8.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd-tools@2.4.27-8.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_ldap-0:2.4.27-8.el7.s390x",
"product": {
"name": "httpd24-mod_ldap-0:2.4.27-8.el7.s390x",
"product_id": "httpd24-mod_ldap-0:2.4.27-8.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_ldap@2.4.27-8.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x",
"product": {
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x",
"product_id": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd-debuginfo@2.4.27-8.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_session-0:2.4.27-8.el7.s390x",
"product": {
"name": "httpd24-mod_session-0:2.4.27-8.el7.s390x",
"product_id": "httpd24-mod_session-0:2.4.27-8.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_session@2.4.27-8.el7?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le",
"product": {
"name": "httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le",
"product_id": "httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-libcurl-devel@7.47.1-4.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd24-curl-0:7.47.1-4.el7.ppc64le",
"product": {
"name": "httpd24-curl-0:7.47.1-4.el7.ppc64le",
"product_id": "httpd24-curl-0:7.47.1-4.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-curl@7.47.1-4.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le",
"product": {
"name": "httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le",
"product_id": "httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-curl-debuginfo@7.47.1-4.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd24-libcurl-0:7.47.1-4.el7.ppc64le",
"product": {
"name": "httpd24-libcurl-0:7.47.1-4.el7.ppc64le",
"product_id": "httpd24-libcurl-0:7.47.1-4.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-libcurl@7.47.1-4.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le",
"product": {
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le",
"product_id": "httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_auth_kerb@5.4-33.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le",
"product": {
"name": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le",
"product_id": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_auth_kerb-debuginfo@5.4-33.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le",
"product": {
"name": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le",
"product_id": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-libnghttp2-devel@1.7.1-6.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le",
"product": {
"name": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le",
"product_id": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-nghttp2-debuginfo@1.7.1-6.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd24-nghttp2-0:1.7.1-6.el7.ppc64le",
"product": {
"name": "httpd24-nghttp2-0:1.7.1-6.el7.ppc64le",
"product_id": "httpd24-nghttp2-0:1.7.1-6.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-nghttp2@1.7.1-6.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le",
"product": {
"name": "httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le",
"product_id": "httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-libnghttp2@1.7.1-6.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd24-runtime-0:1.1-18.el7.ppc64le",
"product": {
"name": "httpd24-runtime-0:1.1-18.el7.ppc64le",
"product_id": "httpd24-runtime-0:1.1-18.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-runtime@1.1-18.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd24-0:1.1-18.el7.ppc64le",
"product": {
"name": "httpd24-0:1.1-18.el7.ppc64le",
"product_id": "httpd24-0:1.1-18.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24@1.1-18.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd24-scldevel-0:1.1-18.el7.ppc64le",
"product": {
"name": "httpd24-scldevel-0:1.1-18.el7.ppc64le",
"product_id": "httpd24-scldevel-0:1.1-18.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-scldevel@1.1-18.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le",
"product": {
"name": "httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le",
"product_id": "httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd-devel@2.4.27-8.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le",
"product": {
"name": "httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le",
"product_id": "httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_ssl@2.4.27-8.el7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-0:2.4.27-8.el7.ppc64le",
"product": {
"name": "httpd24-httpd-0:2.4.27-8.el7.ppc64le",
"product_id": "httpd24-httpd-0:2.4.27-8.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd@2.4.27-8.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le",
"product": {
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le",
"product_id": "httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_proxy_html@2.4.27-8.el7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le",
"product": {
"name": "httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le",
"product_id": "httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd-tools@2.4.27-8.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le",
"product": {
"name": "httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le",
"product_id": "httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_ldap@2.4.27-8.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le",
"product": {
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le",
"product_id": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd-debuginfo@2.4.27-8.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_session-0:2.4.27-8.el7.ppc64le",
"product": {
"name": "httpd24-mod_session-0:2.4.27-8.el7.ppc64le",
"product_id": "httpd24-mod_session-0:2.4.27-8.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_session@2.4.27-8.el7?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd24-httpd-manual-0:2.4.27-8.el7.noarch",
"product": {
"name": "httpd24-httpd-manual-0:2.4.27-8.el7.noarch",
"product_id": "httpd24-httpd-manual-0:2.4.27-8.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd-manual@2.4.27-8.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-manual-0:2.4.27-8.el6.noarch",
"product": {
"name": "httpd24-httpd-manual-0:2.4.27-8.el6.noarch",
"product_id": "httpd24-httpd-manual-0:2.4.27-8.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd-manual@2.4.27-8.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-0:1.1-18.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:httpd24-0:1.1-18.el6.src"
},
"product_reference": "httpd24-0:1.1-18.el6.src",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-0:1.1-18.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:httpd24-0:1.1-18.el6.x86_64"
},
"product_reference": "httpd24-0:1.1-18.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.27-8.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-0:2.4.27-8.el6.src"
},
"product_reference": "httpd24-httpd-0:2.4.27-8.el6.src",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.27-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-0:2.4.27-8.el6.x86_64"
},
"product_reference": "httpd24-httpd-0:2.4.27-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el6.x86_64"
},
"product_reference": "httpd24-httpd-debuginfo-0:2.4.27-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-devel-0:2.4.27-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-devel-0:2.4.27-8.el6.x86_64"
},
"product_reference": "httpd24-httpd-devel-0:2.4.27-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-manual-0:2.4.27-8.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-manual-0:2.4.27-8.el6.noarch"
},
"product_reference": "httpd24-httpd-manual-0:2.4.27-8.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-tools-0:2.4.27-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-tools-0:2.4.27-8.el6.x86_64"
},
"product_reference": "httpd24-httpd-tools-0:2.4.27-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ldap-0:2.4.27-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:httpd24-mod_ldap-0:2.4.27-8.el6.x86_64"
},
"product_reference": "httpd24-mod_ldap-0:2.4.27-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:httpd24-mod_proxy_html-1:2.4.27-8.el6.x86_64"
},
"product_reference": "httpd24-mod_proxy_html-1:2.4.27-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_session-0:2.4.27-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:httpd24-mod_session-0:2.4.27-8.el6.x86_64"
},
"product_reference": "httpd24-mod_session-0:2.4.27-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ssl-1:2.4.27-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:httpd24-mod_ssl-1:2.4.27-8.el6.x86_64"
},
"product_reference": "httpd24-mod_ssl-1:2.4.27-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-runtime-0:1.1-18.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:httpd24-runtime-0:1.1-18.el6.x86_64"
},
"product_reference": "httpd24-runtime-0:1.1-18.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-scldevel-0:1.1-18.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-3.0-6.7.Z:httpd24-scldevel-0:1.1-18.el6.x86_64"
},
"product_reference": "httpd24-scldevel-0:1.1-18.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-0:1.1-18.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:httpd24-0:1.1-18.el6.src"
},
"product_reference": "httpd24-0:1.1-18.el6.src",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-0:1.1-18.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:httpd24-0:1.1-18.el6.x86_64"
},
"product_reference": "httpd24-0:1.1-18.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.27-8.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el6.src"
},
"product_reference": "httpd24-httpd-0:2.4.27-8.el6.src",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.27-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el6.x86_64"
},
"product_reference": "httpd24-httpd-0:2.4.27-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el6.x86_64"
},
"product_reference": "httpd24-httpd-debuginfo-0:2.4.27-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-devel-0:2.4.27-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el6.x86_64"
},
"product_reference": "httpd24-httpd-devel-0:2.4.27-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-manual-0:2.4.27-8.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:httpd24-httpd-manual-0:2.4.27-8.el6.noarch"
},
"product_reference": "httpd24-httpd-manual-0:2.4.27-8.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-tools-0:2.4.27-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el6.x86_64"
},
"product_reference": "httpd24-httpd-tools-0:2.4.27-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ldap-0:2.4.27-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el6.x86_64"
},
"product_reference": "httpd24-mod_ldap-0:2.4.27-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el6.x86_64"
},
"product_reference": "httpd24-mod_proxy_html-1:2.4.27-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_session-0:2.4.27-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el6.x86_64"
},
"product_reference": "httpd24-mod_session-0:2.4.27-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ssl-1:2.4.27-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el6.x86_64"
},
"product_reference": "httpd24-mod_ssl-1:2.4.27-8.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-runtime-0:1.1-18.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:httpd24-runtime-0:1.1-18.el6.x86_64"
},
"product_reference": "httpd24-runtime-0:1.1-18.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-scldevel-0:1.1-18.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el6.x86_64"
},
"product_reference": "httpd24-scldevel-0:1.1-18.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-0:1.1-18.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:httpd24-0:1.1-18.el6.src"
},
"product_reference": "httpd24-0:1.1-18.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-0:1.1-18.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:httpd24-0:1.1-18.el6.x86_64"
},
"product_reference": "httpd24-0:1.1-18.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.27-8.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el6.src"
},
"product_reference": "httpd24-httpd-0:2.4.27-8.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.27-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el6.x86_64"
},
"product_reference": "httpd24-httpd-0:2.4.27-8.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el6.x86_64"
},
"product_reference": "httpd24-httpd-debuginfo-0:2.4.27-8.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-devel-0:2.4.27-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el6.x86_64"
},
"product_reference": "httpd24-httpd-devel-0:2.4.27-8.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-manual-0:2.4.27-8.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:httpd24-httpd-manual-0:2.4.27-8.el6.noarch"
},
"product_reference": "httpd24-httpd-manual-0:2.4.27-8.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-tools-0:2.4.27-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el6.x86_64"
},
"product_reference": "httpd24-httpd-tools-0:2.4.27-8.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ldap-0:2.4.27-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el6.x86_64"
},
"product_reference": "httpd24-mod_ldap-0:2.4.27-8.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el6.x86_64"
},
"product_reference": "httpd24-mod_proxy_html-1:2.4.27-8.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_session-0:2.4.27-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el6.x86_64"
},
"product_reference": "httpd24-mod_session-0:2.4.27-8.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ssl-1:2.4.27-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el6.x86_64"
},
"product_reference": "httpd24-mod_ssl-1:2.4.27-8.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-runtime-0:1.1-18.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:httpd24-runtime-0:1.1-18.el6.x86_64"
},
"product_reference": "httpd24-runtime-0:1.1-18.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-scldevel-0:1.1-18.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el6.x86_64"
},
"product_reference": "httpd24-scldevel-0:1.1-18.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-0:1.1-18.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-0:1.1-18.el7.ppc64le"
},
"product_reference": "httpd24-0:1.1-18.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-0:1.1-18.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-0:1.1-18.el7.s390x"
},
"product_reference": "httpd24-0:1.1-18.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-0:1.1-18.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-0:1.1-18.el7.src"
},
"product_reference": "httpd24-0:1.1-18.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-0:1.1-18.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-0:1.1-18.el7.x86_64"
},
"product_reference": "httpd24-0:1.1-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-0:7.47.1-4.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-curl-0:7.47.1-4.el7.ppc64le"
},
"product_reference": "httpd24-curl-0:7.47.1-4.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-0:7.47.1-4.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-curl-0:7.47.1-4.el7.s390x"
},
"product_reference": "httpd24-curl-0:7.47.1-4.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-0:7.47.1-4.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-curl-0:7.47.1-4.el7.src"
},
"product_reference": "httpd24-curl-0:7.47.1-4.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-0:7.47.1-4.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-curl-0:7.47.1-4.el7.x86_64"
},
"product_reference": "httpd24-curl-0:7.47.1-4.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le"
},
"product_reference": "httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x"
},
"product_reference": "httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64"
},
"product_reference": "httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-0:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-httpd-0:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-0:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-httpd-0:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.27-8.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-0:2.4.27-8.el7.src"
},
"product_reference": "httpd24-httpd-0:2.4.27-8.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-0:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-httpd-0:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-devel-0:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-devel-0:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-httpd-devel-0:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-devel-0:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-devel-0:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-httpd-devel-0:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-manual-0:2.4.27-8.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-manual-0:2.4.27-8.el7.noarch"
},
"product_reference": "httpd24-httpd-manual-0:2.4.27-8.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-tools-0:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-tools-0:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-httpd-tools-0:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-tools-0:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-tools-0:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-httpd-tools-0:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-0:7.47.1-4.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-0:7.47.1-4.el7.ppc64le"
},
"product_reference": "httpd24-libcurl-0:7.47.1-4.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-0:7.47.1-4.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-0:7.47.1-4.el7.s390x"
},
"product_reference": "httpd24-libcurl-0:7.47.1-4.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-0:7.47.1-4.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-0:7.47.1-4.el7.x86_64"
},
"product_reference": "httpd24-libcurl-0:7.47.1-4.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le"
},
"product_reference": "httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-devel-0:7.47.1-4.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.s390x"
},
"product_reference": "httpd24-libcurl-devel-0:7.47.1-4.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64"
},
"product_reference": "httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le"
},
"product_reference": "httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-0:1.7.1-6.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-0:1.7.1-6.el7.s390x"
},
"product_reference": "httpd24-libnghttp2-0:1.7.1-6.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-0:1.7.1-6.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-0:1.7.1-6.el7.x86_64"
},
"product_reference": "httpd24-libnghttp2-0:1.7.1-6.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le"
},
"product_reference": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x"
},
"product_reference": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64"
},
"product_reference": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le"
},
"product_reference": "httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.s390x"
},
"product_reference": "httpd24-mod_auth_kerb-0:5.4-33.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.src"
},
"product_reference": "httpd24-mod_auth_kerb-0:5.4-33.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64"
},
"product_reference": "httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le"
},
"product_reference": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x"
},
"product_reference": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64"
},
"product_reference": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ldap-0:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ldap-0:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-mod_ldap-0:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ldap-0:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ldap-0:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-mod_ldap-0:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_session-0:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-mod_session-0:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-mod_session-0:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_session-0:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-mod_session-0:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-mod_session-0:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_session-0:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-mod_session-0:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-mod_session-0:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ssl-1:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ssl-1:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-mod_ssl-1:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ssl-1:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ssl-1:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-mod_ssl-1:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-0:1.7.1-6.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-0:1.7.1-6.el7.ppc64le"
},
"product_reference": "httpd24-nghttp2-0:1.7.1-6.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-0:1.7.1-6.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-0:1.7.1-6.el7.s390x"
},
"product_reference": "httpd24-nghttp2-0:1.7.1-6.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-0:1.7.1-6.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-0:1.7.1-6.el7.src"
},
"product_reference": "httpd24-nghttp2-0:1.7.1-6.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-0:1.7.1-6.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-0:1.7.1-6.el7.x86_64"
},
"product_reference": "httpd24-nghttp2-0:1.7.1-6.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le"
},
"product_reference": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x"
},
"product_reference": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64"
},
"product_reference": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-runtime-0:1.1-18.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-runtime-0:1.1-18.el7.ppc64le"
},
"product_reference": "httpd24-runtime-0:1.1-18.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-runtime-0:1.1-18.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-runtime-0:1.1-18.el7.s390x"
},
"product_reference": "httpd24-runtime-0:1.1-18.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-runtime-0:1.1-18.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-runtime-0:1.1-18.el7.x86_64"
},
"product_reference": "httpd24-runtime-0:1.1-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-scldevel-0:1.1-18.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-scldevel-0:1.1-18.el7.ppc64le"
},
"product_reference": "httpd24-scldevel-0:1.1-18.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-scldevel-0:1.1-18.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-scldevel-0:1.1-18.el7.s390x"
},
"product_reference": "httpd24-scldevel-0:1.1-18.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-scldevel-0:1.1-18.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-3.0-7.3.Z:httpd24-scldevel-0:1.1-18.el7.x86_64"
},
"product_reference": "httpd24-scldevel-0:1.1-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-0:1.1-18.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-0:1.1-18.el7.ppc64le"
},
"product_reference": "httpd24-0:1.1-18.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-0:1.1-18.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-0:1.1-18.el7.s390x"
},
"product_reference": "httpd24-0:1.1-18.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-0:1.1-18.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-0:1.1-18.el7.src"
},
"product_reference": "httpd24-0:1.1-18.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-0:1.1-18.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-0:1.1-18.el7.x86_64"
},
"product_reference": "httpd24-0:1.1-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-0:7.47.1-4.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-curl-0:7.47.1-4.el7.ppc64le"
},
"product_reference": "httpd24-curl-0:7.47.1-4.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-0:7.47.1-4.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-curl-0:7.47.1-4.el7.s390x"
},
"product_reference": "httpd24-curl-0:7.47.1-4.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-0:7.47.1-4.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-curl-0:7.47.1-4.el7.src"
},
"product_reference": "httpd24-curl-0:7.47.1-4.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-0:7.47.1-4.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-curl-0:7.47.1-4.el7.x86_64"
},
"product_reference": "httpd24-curl-0:7.47.1-4.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le"
},
"product_reference": "httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x"
},
"product_reference": "httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64"
},
"product_reference": "httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-0:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-httpd-0:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-0:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-httpd-0:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.27-8.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-0:2.4.27-8.el7.src"
},
"product_reference": "httpd24-httpd-0:2.4.27-8.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-0:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-httpd-0:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-devel-0:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-devel-0:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-httpd-devel-0:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-devel-0:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-devel-0:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-httpd-devel-0:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-manual-0:2.4.27-8.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-manual-0:2.4.27-8.el7.noarch"
},
"product_reference": "httpd24-httpd-manual-0:2.4.27-8.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-tools-0:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-tools-0:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-httpd-tools-0:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-tools-0:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-tools-0:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-httpd-tools-0:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-0:7.47.1-4.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-0:7.47.1-4.el7.ppc64le"
},
"product_reference": "httpd24-libcurl-0:7.47.1-4.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-0:7.47.1-4.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-0:7.47.1-4.el7.s390x"
},
"product_reference": "httpd24-libcurl-0:7.47.1-4.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-0:7.47.1-4.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-0:7.47.1-4.el7.x86_64"
},
"product_reference": "httpd24-libcurl-0:7.47.1-4.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le"
},
"product_reference": "httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-devel-0:7.47.1-4.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.s390x"
},
"product_reference": "httpd24-libcurl-devel-0:7.47.1-4.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64"
},
"product_reference": "httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le"
},
"product_reference": "httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-0:1.7.1-6.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-0:1.7.1-6.el7.s390x"
},
"product_reference": "httpd24-libnghttp2-0:1.7.1-6.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-0:1.7.1-6.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-0:1.7.1-6.el7.x86_64"
},
"product_reference": "httpd24-libnghttp2-0:1.7.1-6.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le"
},
"product_reference": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x"
},
"product_reference": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64"
},
"product_reference": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le"
},
"product_reference": "httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.s390x"
},
"product_reference": "httpd24-mod_auth_kerb-0:5.4-33.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.src"
},
"product_reference": "httpd24-mod_auth_kerb-0:5.4-33.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64"
},
"product_reference": "httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le"
},
"product_reference": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x"
},
"product_reference": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64"
},
"product_reference": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ldap-0:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ldap-0:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-mod_ldap-0:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ldap-0:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ldap-0:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-mod_ldap-0:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_session-0:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-mod_session-0:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-mod_session-0:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_session-0:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-mod_session-0:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-mod_session-0:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_session-0:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-mod_session-0:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-mod_session-0:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ssl-1:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ssl-1:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-mod_ssl-1:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ssl-1:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ssl-1:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-mod_ssl-1:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-0:1.7.1-6.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-0:1.7.1-6.el7.ppc64le"
},
"product_reference": "httpd24-nghttp2-0:1.7.1-6.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-0:1.7.1-6.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-0:1.7.1-6.el7.s390x"
},
"product_reference": "httpd24-nghttp2-0:1.7.1-6.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-0:1.7.1-6.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-0:1.7.1-6.el7.src"
},
"product_reference": "httpd24-nghttp2-0:1.7.1-6.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-0:1.7.1-6.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-0:1.7.1-6.el7.x86_64"
},
"product_reference": "httpd24-nghttp2-0:1.7.1-6.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le"
},
"product_reference": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x"
},
"product_reference": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64"
},
"product_reference": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-runtime-0:1.1-18.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-runtime-0:1.1-18.el7.ppc64le"
},
"product_reference": "httpd24-runtime-0:1.1-18.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-runtime-0:1.1-18.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-runtime-0:1.1-18.el7.s390x"
},
"product_reference": "httpd24-runtime-0:1.1-18.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-runtime-0:1.1-18.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-runtime-0:1.1-18.el7.x86_64"
},
"product_reference": "httpd24-runtime-0:1.1-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-scldevel-0:1.1-18.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-scldevel-0:1.1-18.el7.ppc64le"
},
"product_reference": "httpd24-scldevel-0:1.1-18.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-scldevel-0:1.1-18.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-scldevel-0:1.1-18.el7.s390x"
},
"product_reference": "httpd24-scldevel-0:1.1-18.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-scldevel-0:1.1-18.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)",
"product_id": "7Server-RHSCL-3.0-7.4.Z:httpd24-scldevel-0:1.1-18.el7.x86_64"
},
"product_reference": "httpd24-scldevel-0:1.1-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-0:1.1-18.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-0:1.1-18.el7.aarch64"
},
"product_reference": "httpd24-0:1.1-18.el7.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-0:1.1-18.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-0:1.1-18.el7.ppc64le"
},
"product_reference": "httpd24-0:1.1-18.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-0:1.1-18.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-0:1.1-18.el7.s390x"
},
"product_reference": "httpd24-0:1.1-18.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-0:1.1-18.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-0:1.1-18.el7.src"
},
"product_reference": "httpd24-0:1.1-18.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-0:1.1-18.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-0:1.1-18.el7.x86_64"
},
"product_reference": "httpd24-0:1.1-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-0:7.47.1-4.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.aarch64"
},
"product_reference": "httpd24-curl-0:7.47.1-4.el7.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-0:7.47.1-4.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.ppc64le"
},
"product_reference": "httpd24-curl-0:7.47.1-4.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-0:7.47.1-4.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.s390x"
},
"product_reference": "httpd24-curl-0:7.47.1-4.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-0:7.47.1-4.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.src"
},
"product_reference": "httpd24-curl-0:7.47.1-4.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-0:7.47.1-4.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.x86_64"
},
"product_reference": "httpd24-curl-0:7.47.1-4.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-debuginfo-0:7.47.1-4.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.aarch64"
},
"product_reference": "httpd24-curl-debuginfo-0:7.47.1-4.el7.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le"
},
"product_reference": "httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x"
},
"product_reference": "httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64"
},
"product_reference": "httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.27-8.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.aarch64"
},
"product_reference": "httpd24-httpd-0:2.4.27-8.el7.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-httpd-0:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-httpd-0:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.27-8.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.src"
},
"product_reference": "httpd24-httpd-0:2.4.27-8.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-httpd-0:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.aarch64"
},
"product_reference": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-devel-0:2.4.27-8.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.aarch64"
},
"product_reference": "httpd24-httpd-devel-0:2.4.27-8.el7.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-devel-0:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-httpd-devel-0:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-devel-0:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-httpd-devel-0:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-manual-0:2.4.27-8.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-httpd-manual-0:2.4.27-8.el7.noarch"
},
"product_reference": "httpd24-httpd-manual-0:2.4.27-8.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-tools-0:2.4.27-8.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.aarch64"
},
"product_reference": "httpd24-httpd-tools-0:2.4.27-8.el7.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-tools-0:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-httpd-tools-0:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-tools-0:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-httpd-tools-0:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-0:7.47.1-4.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.aarch64"
},
"product_reference": "httpd24-libcurl-0:7.47.1-4.el7.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-0:7.47.1-4.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.ppc64le"
},
"product_reference": "httpd24-libcurl-0:7.47.1-4.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-0:7.47.1-4.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.s390x"
},
"product_reference": "httpd24-libcurl-0:7.47.1-4.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-0:7.47.1-4.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.x86_64"
},
"product_reference": "httpd24-libcurl-0:7.47.1-4.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-devel-0:7.47.1-4.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.aarch64"
},
"product_reference": "httpd24-libcurl-devel-0:7.47.1-4.el7.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le"
},
"product_reference": "httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-devel-0:7.47.1-4.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.s390x"
},
"product_reference": "httpd24-libcurl-devel-0:7.47.1-4.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64"
},
"product_reference": "httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-0:1.7.1-6.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.aarch64"
},
"product_reference": "httpd24-libnghttp2-0:1.7.1-6.el7.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le"
},
"product_reference": "httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-0:1.7.1-6.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.s390x"
},
"product_reference": "httpd24-libnghttp2-0:1.7.1-6.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-0:1.7.1-6.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.x86_64"
},
"product_reference": "httpd24-libnghttp2-0:1.7.1-6.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.aarch64"
},
"product_reference": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le"
},
"product_reference": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x"
},
"product_reference": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64"
},
"product_reference": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.aarch64"
},
"product_reference": "httpd24-mod_auth_kerb-0:5.4-33.el7.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le"
},
"product_reference": "httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.s390x"
},
"product_reference": "httpd24-mod_auth_kerb-0:5.4-33.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.src"
},
"product_reference": "httpd24-mod_auth_kerb-0:5.4-33.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64"
},
"product_reference": "httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.aarch64"
},
"product_reference": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le"
},
"product_reference": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x"
},
"product_reference": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64"
},
"product_reference": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ldap-0:2.4.27-8.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.aarch64"
},
"product_reference": "httpd24-mod_ldap-0:2.4.27-8.el7.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ldap-0:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-mod_ldap-0:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ldap-0:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-mod_ldap-0:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.aarch64"
},
"product_reference": "httpd24-mod_proxy_html-1:2.4.27-8.el7.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_session-0:2.4.27-8.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.aarch64"
},
"product_reference": "httpd24-mod_session-0:2.4.27-8.el7.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_session-0:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-mod_session-0:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_session-0:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-mod_session-0:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_session-0:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-mod_session-0:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ssl-1:2.4.27-8.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.aarch64"
},
"product_reference": "httpd24-mod_ssl-1:2.4.27-8.el7.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ssl-1:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-mod_ssl-1:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ssl-1:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-mod_ssl-1:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-0:1.7.1-6.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.aarch64"
},
"product_reference": "httpd24-nghttp2-0:1.7.1-6.el7.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-0:1.7.1-6.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.ppc64le"
},
"product_reference": "httpd24-nghttp2-0:1.7.1-6.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-0:1.7.1-6.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.s390x"
},
"product_reference": "httpd24-nghttp2-0:1.7.1-6.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-0:1.7.1-6.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.src"
},
"product_reference": "httpd24-nghttp2-0:1.7.1-6.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-0:1.7.1-6.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.x86_64"
},
"product_reference": "httpd24-nghttp2-0:1.7.1-6.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.aarch64"
},
"product_reference": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le"
},
"product_reference": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x"
},
"product_reference": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64"
},
"product_reference": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-runtime-0:1.1-18.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.aarch64"
},
"product_reference": "httpd24-runtime-0:1.1-18.el7.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-runtime-0:1.1-18.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.ppc64le"
},
"product_reference": "httpd24-runtime-0:1.1-18.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-runtime-0:1.1-18.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.s390x"
},
"product_reference": "httpd24-runtime-0:1.1-18.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-runtime-0:1.1-18.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.x86_64"
},
"product_reference": "httpd24-runtime-0:1.1-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-scldevel-0:1.1-18.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.aarch64"
},
"product_reference": "httpd24-scldevel-0:1.1-18.el7.aarch64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-scldevel-0:1.1-18.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.ppc64le"
},
"product_reference": "httpd24-scldevel-0:1.1-18.el7.ppc64le",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-scldevel-0:1.1-18.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.s390x"
},
"product_reference": "httpd24-scldevel-0:1.1-18.el7.s390x",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-scldevel-0:1.1-18.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.x86_64"
},
"product_reference": "httpd24-scldevel-0:1.1-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-0:1.1-18.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-0:1.1-18.el7.aarch64"
},
"product_reference": "httpd24-0:1.1-18.el7.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-0:1.1-18.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-0:1.1-18.el7.ppc64le"
},
"product_reference": "httpd24-0:1.1-18.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-0:1.1-18.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-0:1.1-18.el7.s390x"
},
"product_reference": "httpd24-0:1.1-18.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-0:1.1-18.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-0:1.1-18.el7.src"
},
"product_reference": "httpd24-0:1.1-18.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-0:1.1-18.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-0:1.1-18.el7.x86_64"
},
"product_reference": "httpd24-0:1.1-18.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-0:7.47.1-4.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.aarch64"
},
"product_reference": "httpd24-curl-0:7.47.1-4.el7.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-0:7.47.1-4.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.ppc64le"
},
"product_reference": "httpd24-curl-0:7.47.1-4.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-0:7.47.1-4.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.s390x"
},
"product_reference": "httpd24-curl-0:7.47.1-4.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-0:7.47.1-4.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.src"
},
"product_reference": "httpd24-curl-0:7.47.1-4.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-0:7.47.1-4.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.x86_64"
},
"product_reference": "httpd24-curl-0:7.47.1-4.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-debuginfo-0:7.47.1-4.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.aarch64"
},
"product_reference": "httpd24-curl-debuginfo-0:7.47.1-4.el7.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le"
},
"product_reference": "httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x"
},
"product_reference": "httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64"
},
"product_reference": "httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.27-8.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.aarch64"
},
"product_reference": "httpd24-httpd-0:2.4.27-8.el7.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-httpd-0:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-httpd-0:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.27-8.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.src"
},
"product_reference": "httpd24-httpd-0:2.4.27-8.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-httpd-0:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.aarch64"
},
"product_reference": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-devel-0:2.4.27-8.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.aarch64"
},
"product_reference": "httpd24-httpd-devel-0:2.4.27-8.el7.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-devel-0:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-httpd-devel-0:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-devel-0:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-httpd-devel-0:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-manual-0:2.4.27-8.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-httpd-manual-0:2.4.27-8.el7.noarch"
},
"product_reference": "httpd24-httpd-manual-0:2.4.27-8.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-tools-0:2.4.27-8.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.aarch64"
},
"product_reference": "httpd24-httpd-tools-0:2.4.27-8.el7.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-tools-0:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-httpd-tools-0:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-tools-0:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-httpd-tools-0:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-0:7.47.1-4.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.aarch64"
},
"product_reference": "httpd24-libcurl-0:7.47.1-4.el7.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-0:7.47.1-4.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.ppc64le"
},
"product_reference": "httpd24-libcurl-0:7.47.1-4.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-0:7.47.1-4.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.s390x"
},
"product_reference": "httpd24-libcurl-0:7.47.1-4.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-0:7.47.1-4.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.x86_64"
},
"product_reference": "httpd24-libcurl-0:7.47.1-4.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-devel-0:7.47.1-4.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.aarch64"
},
"product_reference": "httpd24-libcurl-devel-0:7.47.1-4.el7.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le"
},
"product_reference": "httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-devel-0:7.47.1-4.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.s390x"
},
"product_reference": "httpd24-libcurl-devel-0:7.47.1-4.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64"
},
"product_reference": "httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-0:1.7.1-6.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.aarch64"
},
"product_reference": "httpd24-libnghttp2-0:1.7.1-6.el7.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le"
},
"product_reference": "httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-0:1.7.1-6.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.s390x"
},
"product_reference": "httpd24-libnghttp2-0:1.7.1-6.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-0:1.7.1-6.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.x86_64"
},
"product_reference": "httpd24-libnghttp2-0:1.7.1-6.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.aarch64"
},
"product_reference": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le"
},
"product_reference": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x"
},
"product_reference": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64"
},
"product_reference": "httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.aarch64"
},
"product_reference": "httpd24-mod_auth_kerb-0:5.4-33.el7.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le"
},
"product_reference": "httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.s390x"
},
"product_reference": "httpd24-mod_auth_kerb-0:5.4-33.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.src"
},
"product_reference": "httpd24-mod_auth_kerb-0:5.4-33.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64"
},
"product_reference": "httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.aarch64"
},
"product_reference": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le"
},
"product_reference": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x"
},
"product_reference": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64"
},
"product_reference": "httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ldap-0:2.4.27-8.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.aarch64"
},
"product_reference": "httpd24-mod_ldap-0:2.4.27-8.el7.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ldap-0:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-mod_ldap-0:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ldap-0:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-mod_ldap-0:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.aarch64"
},
"product_reference": "httpd24-mod_proxy_html-1:2.4.27-8.el7.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_session-0:2.4.27-8.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.aarch64"
},
"product_reference": "httpd24-mod_session-0:2.4.27-8.el7.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_session-0:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-mod_session-0:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_session-0:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-mod_session-0:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_session-0:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-mod_session-0:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ssl-1:2.4.27-8.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.aarch64"
},
"product_reference": "httpd24-mod_ssl-1:2.4.27-8.el7.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le"
},
"product_reference": "httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ssl-1:2.4.27-8.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.s390x"
},
"product_reference": "httpd24-mod_ssl-1:2.4.27-8.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ssl-1:2.4.27-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.x86_64"
},
"product_reference": "httpd24-mod_ssl-1:2.4.27-8.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-0:1.7.1-6.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.aarch64"
},
"product_reference": "httpd24-nghttp2-0:1.7.1-6.el7.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-0:1.7.1-6.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.ppc64le"
},
"product_reference": "httpd24-nghttp2-0:1.7.1-6.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-0:1.7.1-6.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.s390x"
},
"product_reference": "httpd24-nghttp2-0:1.7.1-6.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-0:1.7.1-6.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.src"
},
"product_reference": "httpd24-nghttp2-0:1.7.1-6.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-0:1.7.1-6.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.x86_64"
},
"product_reference": "httpd24-nghttp2-0:1.7.1-6.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.aarch64"
},
"product_reference": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le"
},
"product_reference": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x"
},
"product_reference": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64"
},
"product_reference": "httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-runtime-0:1.1-18.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.aarch64"
},
"product_reference": "httpd24-runtime-0:1.1-18.el7.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-runtime-0:1.1-18.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.ppc64le"
},
"product_reference": "httpd24-runtime-0:1.1-18.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-runtime-0:1.1-18.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.s390x"
},
"product_reference": "httpd24-runtime-0:1.1-18.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-runtime-0:1.1-18.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.x86_64"
},
"product_reference": "httpd24-runtime-0:1.1-18.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-scldevel-0:1.1-18.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.aarch64"
},
"product_reference": "httpd24-scldevel-0:1.1-18.el7.aarch64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-scldevel-0:1.1-18.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.ppc64le"
},
"product_reference": "httpd24-scldevel-0:1.1-18.el7.ppc64le",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-scldevel-0:1.1-18.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.s390x"
},
"product_reference": "httpd24-scldevel-0:1.1-18.el7.s390x",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-scldevel-0:1.1-18.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.x86_64"
},
"product_reference": "httpd24-scldevel-0:1.1-18.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-3.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Hanno B\u00f6ck"
]
}
],
"cve": "CVE-2017-9798",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2017-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1490344"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of httpd24-httpd as shipped with Red Hat Software Collections. Product Security has rated this issue as having Moderate security impact.\n\nIn order to be vulnerable, .htaccess files need to contain an invalid or not globally registered HTTP method in a \"Limit\" directive.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.0-6.7.Z:httpd24-0:1.1-18.el6.src",
"6Server-RHSCL-3.0-6.7.Z:httpd24-0:1.1-18.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-0:2.4.27-8.el6.src",
"6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-devel-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-manual-0:2.4.27-8.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-tools-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-mod_ldap-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-mod_proxy_html-1:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-mod_session-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-mod_ssl-1:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-runtime-0:1.1-18.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-scldevel-0:1.1-18.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-0:1.1-18.el6.src",
"6Server-RHSCL-3.0:httpd24-0:1.1-18.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el6.src",
"6Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-httpd-manual-0:2.4.27-8.el6.noarch",
"6Server-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-runtime-0:1.1-18.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-0:1.1-18.el6.src",
"6Workstation-RHSCL-3.0:httpd24-0:1.1-18.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el6.src",
"6Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-httpd-manual-0:2.4.27-8.el6.noarch",
"6Workstation-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-runtime-0:1.1-18.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el6.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-0:1.1-18.el7.src",
"7Server-RHSCL-3.0-7.3.Z:httpd24-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-0:7.47.1-4.el7.src",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-0:2.4.27-8.el7.src",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-devel-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-devel-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-manual-0:2.4.27-8.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-tools-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-tools-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.src",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ldap-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ldap-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_session-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_session-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_session-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ssl-1:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ssl-1:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-0:1.7.1-6.el7.src",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-runtime-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-runtime-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-runtime-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-scldevel-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-scldevel-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-scldevel-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-0:1.1-18.el7.src",
"7Server-RHSCL-3.0-7.4.Z:httpd24-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-0:7.47.1-4.el7.src",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-0:2.4.27-8.el7.src",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-devel-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-devel-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-manual-0:2.4.27-8.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-tools-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-tools-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.src",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ldap-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ldap-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_session-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_session-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_session-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ssl-1:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ssl-1:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-0:1.7.1-6.el7.src",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-runtime-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-runtime-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-runtime-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-scldevel-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-scldevel-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-scldevel-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-0:1.1-18.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0:httpd24-0:1.1-18.el7.src",
"7Server-RHSCL-3.0:httpd24-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.src",
"7Server-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.src",
"7Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-httpd-manual-0:2.4.27-8.el7.noarch",
"7Server-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.s390x",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.src",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.src",
"7Server-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-0:1.1-18.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-0:1.1-18.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-0:1.1-18.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-0:1.1-18.el7.src",
"7Workstation-RHSCL-3.0:httpd24-0:1.1-18.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.src",
"7Workstation-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.src",
"7Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-httpd-manual-0:2.4.27-8.el7.noarch",
"7Workstation-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.src",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.src",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9798"
},
{
"category": "external",
"summary": "RHBZ#1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9798",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798"
},
{
"category": "external",
"summary": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
}
],
"release_date": "2017-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-24T09:22:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:httpd24-0:1.1-18.el6.src",
"6Server-RHSCL-3.0-6.7.Z:httpd24-0:1.1-18.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-0:2.4.27-8.el6.src",
"6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-devel-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-manual-0:2.4.27-8.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-tools-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-mod_ldap-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-mod_proxy_html-1:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-mod_session-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-mod_ssl-1:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-runtime-0:1.1-18.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-scldevel-0:1.1-18.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-0:1.1-18.el6.src",
"6Server-RHSCL-3.0:httpd24-0:1.1-18.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el6.src",
"6Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-httpd-manual-0:2.4.27-8.el6.noarch",
"6Server-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-runtime-0:1.1-18.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-0:1.1-18.el6.src",
"6Workstation-RHSCL-3.0:httpd24-0:1.1-18.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el6.src",
"6Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-httpd-manual-0:2.4.27-8.el6.noarch",
"6Workstation-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-runtime-0:1.1-18.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el6.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-0:1.1-18.el7.src",
"7Server-RHSCL-3.0-7.3.Z:httpd24-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-0:7.47.1-4.el7.src",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-0:2.4.27-8.el7.src",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-devel-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-devel-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-manual-0:2.4.27-8.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-tools-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-tools-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.src",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ldap-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ldap-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_session-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_session-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_session-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ssl-1:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ssl-1:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-0:1.7.1-6.el7.src",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-runtime-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-runtime-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-runtime-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-scldevel-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-scldevel-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-scldevel-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-0:1.1-18.el7.src",
"7Server-RHSCL-3.0-7.4.Z:httpd24-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-0:7.47.1-4.el7.src",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-0:2.4.27-8.el7.src",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-devel-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-devel-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-manual-0:2.4.27-8.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-tools-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-tools-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.src",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ldap-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ldap-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_session-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_session-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_session-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ssl-1:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ssl-1:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-0:1.7.1-6.el7.src",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-runtime-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-runtime-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-runtime-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-scldevel-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-scldevel-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-scldevel-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-0:1.1-18.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0:httpd24-0:1.1-18.el7.src",
"7Server-RHSCL-3.0:httpd24-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.src",
"7Server-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.src",
"7Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-httpd-manual-0:2.4.27-8.el7.noarch",
"7Server-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.s390x",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.src",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.src",
"7Server-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-0:1.1-18.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-0:1.1-18.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-0:1.1-18.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-0:1.1-18.el7.src",
"7Workstation-RHSCL-3.0:httpd24-0:1.1-18.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.src",
"7Workstation-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.src",
"7Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-httpd-manual-0:2.4.27-8.el7.noarch",
"7Workstation-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.src",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.src",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3018"
},
{
"category": "workaround",
"details": "This issue can be mitigated by configuring httpd to disallow the use of the \"Limit\" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the \"AllowOverride\" directive. Refer to Red Hat Bugzilla bug 1490344 for further details:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18",
"product_ids": [
"6Server-RHSCL-3.0-6.7.Z:httpd24-0:1.1-18.el6.src",
"6Server-RHSCL-3.0-6.7.Z:httpd24-0:1.1-18.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-0:2.4.27-8.el6.src",
"6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-devel-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-manual-0:2.4.27-8.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-tools-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-mod_ldap-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-mod_proxy_html-1:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-mod_session-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-mod_ssl-1:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-runtime-0:1.1-18.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-scldevel-0:1.1-18.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-0:1.1-18.el6.src",
"6Server-RHSCL-3.0:httpd24-0:1.1-18.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el6.src",
"6Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-httpd-manual-0:2.4.27-8.el6.noarch",
"6Server-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-runtime-0:1.1-18.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-0:1.1-18.el6.src",
"6Workstation-RHSCL-3.0:httpd24-0:1.1-18.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el6.src",
"6Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-httpd-manual-0:2.4.27-8.el6.noarch",
"6Workstation-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-runtime-0:1.1-18.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el6.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-0:1.1-18.el7.src",
"7Server-RHSCL-3.0-7.3.Z:httpd24-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-0:7.47.1-4.el7.src",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-0:2.4.27-8.el7.src",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-devel-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-devel-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-manual-0:2.4.27-8.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-tools-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-tools-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.src",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ldap-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ldap-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_session-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_session-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_session-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ssl-1:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ssl-1:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-0:1.7.1-6.el7.src",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-runtime-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-runtime-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-runtime-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-scldevel-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-scldevel-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-scldevel-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-0:1.1-18.el7.src",
"7Server-RHSCL-3.0-7.4.Z:httpd24-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-0:7.47.1-4.el7.src",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-0:2.4.27-8.el7.src",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-devel-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-devel-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-manual-0:2.4.27-8.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-tools-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-tools-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.src",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ldap-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ldap-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_session-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_session-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_session-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ssl-1:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ssl-1:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-0:1.7.1-6.el7.src",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-runtime-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-runtime-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-runtime-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-scldevel-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-scldevel-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-scldevel-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-0:1.1-18.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0:httpd24-0:1.1-18.el7.src",
"7Server-RHSCL-3.0:httpd24-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.src",
"7Server-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.src",
"7Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-httpd-manual-0:2.4.27-8.el7.noarch",
"7Server-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.s390x",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.src",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.src",
"7Server-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-0:1.1-18.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-0:1.1-18.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-0:1.1-18.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-0:1.1-18.el7.src",
"7Workstation-RHSCL-3.0:httpd24-0:1.1-18.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.src",
"7Workstation-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.src",
"7Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-httpd-manual-0:2.4.27-8.el7.noarch",
"7Workstation-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.src",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.src",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-RHSCL-3.0-6.7.Z:httpd24-0:1.1-18.el6.src",
"6Server-RHSCL-3.0-6.7.Z:httpd24-0:1.1-18.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-0:2.4.27-8.el6.src",
"6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-devel-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-manual-0:2.4.27-8.el6.noarch",
"6Server-RHSCL-3.0-6.7.Z:httpd24-httpd-tools-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-mod_ldap-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-mod_proxy_html-1:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-mod_session-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-mod_ssl-1:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-runtime-0:1.1-18.el6.x86_64",
"6Server-RHSCL-3.0-6.7.Z:httpd24-scldevel-0:1.1-18.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-0:1.1-18.el6.src",
"6Server-RHSCL-3.0:httpd24-0:1.1-18.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el6.src",
"6Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-httpd-manual-0:2.4.27-8.el6.noarch",
"6Server-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-runtime-0:1.1-18.el6.x86_64",
"6Server-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-0:1.1-18.el6.src",
"6Workstation-RHSCL-3.0:httpd24-0:1.1-18.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el6.src",
"6Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-httpd-manual-0:2.4.27-8.el6.noarch",
"6Workstation-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-runtime-0:1.1-18.el6.x86_64",
"6Workstation-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el6.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-0:1.1-18.el7.src",
"7Server-RHSCL-3.0-7.3.Z:httpd24-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-0:7.47.1-4.el7.src",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-0:2.4.27-8.el7.src",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-devel-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-devel-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-manual-0:2.4.27-8.el7.noarch",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-tools-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-httpd-tools-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.src",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ldap-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ldap-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_session-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_session-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_session-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ssl-1:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-mod_ssl-1:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-0:1.7.1-6.el7.src",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-runtime-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-runtime-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-runtime-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0-7.3.Z:httpd24-scldevel-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0-7.3.Z:httpd24-scldevel-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0-7.3.Z:httpd24-scldevel-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-0:1.1-18.el7.src",
"7Server-RHSCL-3.0-7.4.Z:httpd24-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-0:7.47.1-4.el7.src",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-0:2.4.27-8.el7.src",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-devel-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-devel-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-manual-0:2.4.27-8.el7.noarch",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-tools-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-httpd-tools-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.src",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ldap-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ldap-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_session-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_session-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_session-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ssl-1:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-mod_ssl-1:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-0:1.7.1-6.el7.src",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-runtime-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-runtime-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-runtime-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0-7.4.Z:httpd24-scldevel-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0-7.4.Z:httpd24-scldevel-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0-7.4.Z:httpd24-scldevel-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-0:1.1-18.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0:httpd24-0:1.1-18.el7.src",
"7Server-RHSCL-3.0:httpd24-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.src",
"7Server-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.src",
"7Server-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-httpd-manual-0:2.4.27-8.el7.noarch",
"7Server-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.s390x",
"7Server-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.s390x",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.src",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x",
"7Server-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.s390x",
"7Server-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.src",
"7Server-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x",
"7Server-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.x86_64",
"7Server-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.aarch64",
"7Server-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.ppc64le",
"7Server-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.s390x",
"7Server-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-0:1.1-18.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-0:1.1-18.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-0:1.1-18.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-0:1.1-18.el7.src",
"7Workstation-RHSCL-3.0:httpd24-0:1.1-18.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.src",
"7Workstation-RHSCL-3.0:httpd24-curl-0:7.47.1-4.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-curl-debuginfo-0:7.47.1-4.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.src",
"7Workstation-RHSCL-3.0:httpd24-httpd-0:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-httpd-debuginfo-0:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-httpd-devel-0:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-httpd-manual-0:2.4.27-8.el7.noarch",
"7Workstation-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-httpd-tools-0:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-libcurl-0:7.47.1-4.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-libcurl-devel-0:7.47.1-4.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-0:1.7.1-6.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-libnghttp2-devel-0:1.7.1-6.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.src",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-0:5.4-33.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-mod_auth_kerb-debuginfo-0:5.4-33.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-mod_ldap-0:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-mod_proxy_html-1:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-mod_session-0:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-mod_ssl-1:2.4.27-8.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.src",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-0:1.7.1-6.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-nghttp2-debuginfo-0:1.7.1-6.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-runtime-0:1.1-18.el7.x86_64",
"7Workstation-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.aarch64",
"7Workstation-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.ppc64le",
"7Workstation-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.s390x",
"7Workstation-RHSCL-3.0:httpd24-scldevel-0:1.1-18.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)"
}
]
}
rhsa-2017:3476
Vulnerability from csaf_redhat
Published
2017-12-15 22:34
Modified
2025-08-03 17:31
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update
Notes
Topic
An update is now available for JBoss Core Services on RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613)
* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)
* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)
* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)
* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)
Red Hat would like to thank Hanno Böck for reporting CVE-2017-9798.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for JBoss Core Services on RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613)\n\n* It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user permitted to modify httpd\u0027s MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting CVE-2017-9798.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:3476",
"url": "https://access.redhat.com/errata/RHSA-2017:3476"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/"
},
{
"category": "external",
"summary": "1463194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194"
},
{
"category": "external",
"summary": "1463197",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197"
},
{
"category": "external",
"summary": "1463207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207"
},
{
"category": "external",
"summary": "1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "external",
"summary": "1506523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506523"
},
{
"category": "external",
"summary": "JBCS-402",
"url": "https://issues.redhat.com/browse/JBCS-402"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3476.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update",
"tracking": {
"current_release_date": "2025-08-03T17:31:03+00:00",
"generator": {
"date": "2025-08-03T17:31:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2017:3476",
"initial_release_date": "2017-12-15T22:34:21+00:00",
"revision_history": [
{
"date": "2017-12-15T22:34:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-12-15T22:34:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-03T17:31:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Core Services on RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.23-125.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.23-125.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.23-125.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.23-125.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.23-125.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-libs@2.4.23-125.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.23-125.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.23-125.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.23-125.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.23-125.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-15.GA.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_bmx-debuginfo@0.9.6-15.GA.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_1.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.8-1.Final_redhat_1.jbcs.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.src",
"product_id": "jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.23-125.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.src",
"product_id": "jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-15.GA.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.src",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_1.jbcs.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el7.noarch",
"product": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el7.noarch",
"product_id": "jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.23-125.jbcs.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el7.noarch"
},
"product_reference": "jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el7.noarch",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-3167",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2017-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1463194"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: ap_get_basic_auth_pw() authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3167"
},
{
"category": "external",
"summary": "RHBZ#1463194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3167",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3167"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2017-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-12-15T22:34:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3476"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: ap_get_basic_auth_pw() authentication bypass"
},
{
"cve": "CVE-2017-3169",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2017-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1463197"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_ssl NULL pointer dereference",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3169"
},
{
"category": "external",
"summary": "RHBZ#1463197",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3169",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3169"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2017-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-12-15T22:34:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3476"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_ssl NULL pointer dereference"
},
{
"cve": "CVE-2017-7679",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2017-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1463207"
}
],
"notes": [
{
"category": "description",
"text": "A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user permitted to modify httpd\u0027s MIME configuration could use this flaw to cause httpd child process to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_mime buffer overread",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7679"
},
{
"category": "external",
"summary": "RHBZ#1463207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7679",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7679"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2017-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-12-15T22:34:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3476"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_mime buffer overread"
},
{
"acknowledgments": [
{
"names": [
"Hanno B\u00f6ck"
]
}
],
"cve": "CVE-2017-9798",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2017-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1490344"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of httpd24-httpd as shipped with Red Hat Software Collections. Product Security has rated this issue as having Moderate security impact.\n\nIn order to be vulnerable, .htaccess files need to contain an invalid or not globally registered HTTP method in a \"Limit\" directive.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9798"
},
{
"category": "external",
"summary": "RHBZ#1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9798",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798"
},
{
"category": "external",
"summary": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
}
],
"release_date": "2017-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-12-15T22:34:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3476"
},
{
"category": "workaround",
"details": "This issue can be mitigated by configuring httpd to disallow the use of the \"Limit\" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the \"AllowOverride\" directive. Refer to Red Hat Bugzilla bug 1490344 for further details:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)"
},
{
"cve": "CVE-2017-12613",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2017-10-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1506523"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr: Out-of-bounds array deref in apr_time_exp*() functions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12613"
},
{
"category": "external",
"summary": "RHBZ#1506523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506523"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12613"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12613",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12613"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/apr/Announcement1.x.html",
"url": "http://www.apache.org/dist/apr/Announcement1.x.html"
}
],
"release_date": "2017-10-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-12-15T22:34:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3476"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "apr: Out-of-bounds array deref in apr_time_exp*() functions"
}
]
}
rhsa-2017:2972
Vulnerability from csaf_redhat
Published
2017-10-19 15:26
Modified
2025-08-03 17:30
Summary
Red Hat Security Advisory: httpd security update
Notes
Topic
An update for httpd is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)
* A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. (CVE-2017-12171)
Red Hat would like to thank Hanno Böck for reporting CVE-2017-9798 and KAWAHARA Masashi for reporting CVE-2017-12171.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for httpd is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\n* A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the \"Allow\" and \"Deny\" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. (CVE-2017-12171)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting CVE-2017-9798 and KAWAHARA Masashi for reporting CVE-2017-12171.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:2972",
"url": "https://access.redhat.com/errata/RHSA-2017:2972"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "external",
"summary": "1493056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493056"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2972.json"
}
],
"title": "Red Hat Security Advisory: httpd security update",
"tracking": {
"current_release_date": "2025-08-03T17:30:31+00:00",
"generator": {
"date": "2025-08-03T17:30:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2017:2972",
"initial_release_date": "2017-10-19T15:26:43+00:00",
"revision_history": [
{
"date": "2017-10-19T15:26:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-10-19T15:26:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-03T17:30:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"product": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"product_id": "httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.15-60.el6_9.6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"product": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"product_id": "httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-60.el6_9.6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.15-60.el6_9.6.x86_64",
"product": {
"name": "httpd-0:2.2.15-60.el6_9.6.x86_64",
"product_id": "httpd-0:2.2.15-60.el6_9.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.15-60.el6_9.6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"product": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"product_id": "mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.15-60.el6_9.6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"product": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"product_id": "httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.15-60.el6_9.6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-tools-0:2.2.15-60.el6_9.6.i686",
"product": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.i686",
"product_id": "httpd-tools-0:2.2.15-60.el6_9.6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.15-60.el6_9.6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"product": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"product_id": "httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-60.el6_9.6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.15-60.el6_9.6.i686",
"product": {
"name": "httpd-0:2.2.15-60.el6_9.6.i686",
"product_id": "httpd-0:2.2.15-60.el6_9.6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.15-60.el6_9.6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.15-60.el6_9.6.i686",
"product": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.i686",
"product_id": "httpd-devel-0:2.2.15-60.el6_9.6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.15-60.el6_9.6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.2.15-60.el6_9.6.i686",
"product": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.i686",
"product_id": "mod_ssl-1:2.2.15-60.el6_9.6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.15-60.el6_9.6?arch=i686\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.2.15-60.el6_9.6.src",
"product": {
"name": "httpd-0:2.2.15-60.el6_9.6.src",
"product_id": "httpd-0:2.2.15-60.el6_9.6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.15-60.el6_9.6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"product": {
"name": "httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"product_id": "httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.2.15-60.el6_9.6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"product": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"product_id": "httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.15-60.el6_9.6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"product": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"product_id": "httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.15-60.el6_9.6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"product": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"product_id": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-60.el6_9.6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.15-60.el6_9.6.s390x",
"product": {
"name": "httpd-0:2.2.15-60.el6_9.6.s390x",
"product_id": "httpd-0:2.2.15-60.el6_9.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.15-60.el6_9.6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"product": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"product_id": "mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.15-60.el6_9.6?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-devel-0:2.2.15-60.el6_9.6.s390",
"product": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.s390",
"product_id": "httpd-devel-0:2.2.15-60.el6_9.6.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.15-60.el6_9.6?arch=s390"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"product": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"product_id": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-60.el6_9.6?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"product": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"product_id": "httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.15-60.el6_9.6?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"product": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"product_id": "httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.15-60.el6_9.6?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"product": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"product_id": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-60.el6_9.6?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.15-60.el6_9.6.ppc64",
"product": {
"name": "httpd-0:2.2.15-60.el6_9.6.ppc64",
"product_id": "httpd-0:2.2.15-60.el6_9.6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.15-60.el6_9.6?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"product": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"product_id": "mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.15-60.el6_9.6?arch=ppc64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"product": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"product_id": "httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.15-60.el6_9.6?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"product": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"product_id": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-60.el6_9.6?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.src as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.src"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.src",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.s390",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.15-60.el6_9.6.noarch as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch"
},
"product_reference": "httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686"
},
"product_reference": "httpd-tools-0:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686"
},
"product_reference": "mod_ssl-1:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.src as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.src"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.src",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.s390",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.15-60.el6_9.6.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch"
},
"product_reference": "httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686"
},
"product_reference": "httpd-tools-0:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686"
},
"product_reference": "mod_ssl-1:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6ComputeNode-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6ComputeNode-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6ComputeNode-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.src as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.src"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.src",
"relates_to_product_reference": "6ComputeNode-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6ComputeNode-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6ComputeNode-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"relates_to_product_reference": "6ComputeNode-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6ComputeNode-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"relates_to_product_reference": "6ComputeNode-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6ComputeNode-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6ComputeNode-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6ComputeNode-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"relates_to_product_reference": "6ComputeNode-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6ComputeNode-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.s390",
"relates_to_product_reference": "6ComputeNode-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6ComputeNode-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6ComputeNode-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.15-60.el6_9.6.noarch as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch"
},
"product_reference": "httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"relates_to_product_reference": "6ComputeNode-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686"
},
"product_reference": "httpd-tools-0:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6ComputeNode-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6ComputeNode-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6ComputeNode-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6ComputeNode-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686"
},
"product_reference": "mod_ssl-1:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6ComputeNode-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6ComputeNode-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6ComputeNode-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6ComputeNode-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.src as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.src"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.src",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.s390",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.15-60.el6_9.6.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch"
},
"product_reference": "httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686"
},
"product_reference": "httpd-tools-0:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686"
},
"product_reference": "mod_ssl-1:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.src as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.src"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.src",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.ppc as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.s390 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.s390",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.15-60.el6_9.6.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch"
},
"product_reference": "httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686"
},
"product_reference": "httpd-tools-0:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686"
},
"product_reference": "mod_ssl-1:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.src"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.src",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "httpd-0:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.s390",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.15-60.el6_9.6.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch"
},
"product_reference": "httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686"
},
"product_reference": "httpd-tools-0:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686"
},
"product_reference": "mod_ssl-1:2.2.15-60.el6_9.6.i686",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64"
},
"product_reference": "mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x"
},
"product_reference": "mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.15-60.el6_9.6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64"
},
"product_reference": "mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"relates_to_product_reference": "6Workstation-6.9.z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Hanno B\u00f6ck"
]
}
],
"cve": "CVE-2017-9798",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2017-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1490344"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of httpd24-httpd as shipped with Red Hat Software Collections. Product Security has rated this issue as having Moderate security impact.\n\nIn order to be vulnerable, .htaccess files need to contain an invalid or not globally registered HTTP method in a \"Limit\" directive.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9798"
},
{
"category": "external",
"summary": "RHBZ#1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9798",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798"
},
{
"category": "external",
"summary": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
}
],
"release_date": "2017-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-19T15:26:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2972"
},
{
"category": "workaround",
"details": "This issue can be mitigated by configuring httpd to disallow the use of the \"Limit\" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the \"AllowOverride\" directive. Refer to Red Hat Bugzilla bug 1490344 for further details:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18",
"product_ids": [
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)"
},
{
"acknowledgments": [
{
"names": [
"KAWAHARA Masashi"
]
}
],
"cve": "CVE-2017-12171",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2017-09-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1493056"
}
],
"notes": [
{
"category": "description",
"text": "A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the \"Allow\" and \"Deny\" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: # character matches all IPs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12171"
},
{
"category": "external",
"summary": "RHBZ#1493056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12171",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12171"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12171",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12171"
}
],
"release_date": "2017-10-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-19T15:26:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2972"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Client-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Server-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.src",
"6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:httpd-manual-0:2.2.15-60.el6_9.6.noarch",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.6.x86_64",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.i686",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.ppc64",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.s390x",
"6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: # character matches all IPs"
}
]
}
rhsa-2017:3113
Vulnerability from csaf_redhat
Published
2017-11-02 19:15
Modified
2025-08-16 00:56
Summary
Red Hat Security Advisory: Red Hat JBoss Web Server security and bug fix update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 6 and Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
This release provides an update to httpd, OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2. The updates are documented in the Release Notes document linked to in the References.
This release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as a update for Red Hat JBoss Web Server 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References.
Users of Red Hat JBoss Web Server 2 should upgrade to these updated packages, which resolve several security issues.
Security Fix(es):
* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)
* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615)
* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617)
* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)
* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)
Red Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno Böck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Gaëtan Leurent (Inria) as the original reporters of CVE-2016-2183.
Bug Fix(es):
* Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1338640)
* mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1448709)
* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 6 and Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nThis release provides an update to httpd, OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2. The updates are documented in the Release Notes document linked to in the References.\n\nThis release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as a update for Red Hat JBoss Web Server 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nUsers of Red Hat JBoss Web Server 2 should upgrade to these updated packages, which resolve several security issues.\n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615)\n\n* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617)\n\n* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno B\u00f6ck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Ga\u00ebtan Leurent (Inria) as the original reporters of CVE-2016-2183.\n\nBug Fix(es):\n\n* Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1338640)\n\n* mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1448709)\n\n* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:3113",
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/3227901",
"url": "https://access.redhat.com/articles/3227901"
},
{
"category": "external",
"summary": "1369383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"category": "external",
"summary": "1470748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748"
},
{
"category": "external",
"summary": "1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "external",
"summary": "1493075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493075"
},
{
"category": "external",
"summary": "1493220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493220"
},
{
"category": "external",
"summary": "1494283",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494283"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3113.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server security and bug fix update",
"tracking": {
"current_release_date": "2025-08-16T00:56:43+00:00",
"generator": {
"date": "2025-08-16T00:56:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2017:3113",
"initial_release_date": "2017-11-02T19:15:44+00:00",
"revision_history": [
{
"date": "2017-11-02T19:15:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-11-02T19:15:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-16T00:56:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.2.26-57.ep6.el6.x86_64",
"product": {
"name": "httpd-0:2.2.26-57.ep6.el6.x86_64",
"product_id": "httpd-0:2.2.26-57.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.26-57.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"product": {
"name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"product_id": "httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.26-57.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"product": {
"name": "mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"product_id": "mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.2.26-57.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"product": {
"name": "httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"product_id": "httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.26-57.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"product": {
"name": "httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"product_id": "httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.26-57.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"product": {
"name": "mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"product_id": "mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.26-57.ep6.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"product": {
"name": "httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"product_id": "httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.2.26-57.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"product": {
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"product_id": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.13-9.Final_redhat_2.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"product": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"product": {
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"product_id": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.13-9.Final_redhat_2.ep6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"product": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"product": {
"name": "mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"product_id": "mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl22@2.2.26-58.ep6.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"product": {
"name": "httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"product_id": "httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-manual@2.2.26-58.ep6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"product": {
"name": "mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"product_id": "mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap22@2.2.26-58.ep6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-0:2.2.26-58.ep6.el7.x86_64",
"product": {
"name": "httpd22-0:2.2.26-58.ep6.el7.x86_64",
"product_id": "httpd22-0:2.2.26-58.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22@2.2.26-58.ep6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"product": {
"name": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"product_id": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-debuginfo@2.2.26-58.ep6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"product": {
"name": "httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"product_id": "httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-tools@2.2.26-58.ep6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"product": {
"name": "httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"product_id": "httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-devel@2.2.26-58.ep6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.2.26-57.ep6.el6.i386",
"product": {
"name": "httpd-0:2.2.26-57.ep6.el6.i386",
"product_id": "httpd-0:2.2.26-57.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.26-57.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"product": {
"name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"product_id": "httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.26-57.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.2.26-57.ep6.el6.i386",
"product": {
"name": "mod_ldap-0:2.2.26-57.ep6.el6.i386",
"product_id": "mod_ldap-0:2.2.26-57.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.2.26-57.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.2.26-57.ep6.el6.i386",
"product": {
"name": "httpd-tools-0:2.2.26-57.ep6.el6.i386",
"product_id": "httpd-tools-0:2.2.26-57.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.26-57.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.26-57.ep6.el6.i386",
"product": {
"name": "httpd-devel-0:2.2.26-57.ep6.el6.i386",
"product_id": "httpd-devel-0:2.2.26-57.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.26-57.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.2.26-57.ep6.el6.i386",
"product": {
"name": "mod_ssl-1:2.2.26-57.ep6.el6.i386",
"product_id": "mod_ssl-1:2.2.26-57.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.26-57.ep6.el6?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-manual-0:2.2.26-57.ep6.el6.i386",
"product": {
"name": "httpd-manual-0:2.2.26-57.ep6.el6.i386",
"product_id": "httpd-manual-0:2.2.26-57.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.2.26-57.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"product": {
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"product_id": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.13-9.Final_redhat_2.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"product": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el6?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.2.26-57.ep6.el6.src",
"product": {
"name": "httpd-0:2.2.26-57.ep6.el6.src",
"product_id": "httpd-0:2.2.26-57.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.26-57.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"product": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"product": {
"name": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"product_id": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.41-19_patch_04.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"product": {
"name": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"product_id": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.54-28_patch_05.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"product": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "httpd22-0:2.2.26-58.ep6.el7.src",
"product": {
"name": "httpd22-0:2.2.26-58.ep6.el7.src",
"product_id": "httpd22-0:2.2.26-58.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22@2.2.26-58.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"product": {
"name": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"product_id": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.41-19_patch_04.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"product": {
"name": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"product_id": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.54-28_patch_05.ep6.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product": {
"name": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_id": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-maven-devel@6.0.41-19_patch_04.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product": {
"name": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_id": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-el-2.1-api@6.0.41-19_patch_04.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product": {
"name": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_id": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.41-19_patch_04.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product": {
"name": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_id": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-webapps@6.0.41-19_patch_04.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product": {
"name": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_id": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-servlet-2.5-api@6.0.41-19_patch_04.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product": {
"name": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_id": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-log4j@6.0.41-19_patch_04.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product": {
"name": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_id": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-docs-webapp@6.0.41-19_patch_04.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product": {
"name": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_id": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-jsp-2.1-api@6.0.41-19_patch_04.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product": {
"name": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_id": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-admin-webapps@6.0.41-19_patch_04.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product": {
"name": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_id": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-javadoc@6.0.41-19_patch_04.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product": {
"name": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_id": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-lib@6.0.41-19_patch_04.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.54-28_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-maven-devel@7.0.54-28_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-lib@7.0.54-28_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.54-28_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.54-28_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.54-28_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.54-28_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.54-28_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-el-2.2-api@7.0.54-28_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.54-28_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.54-28_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product": {
"name": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_id": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-maven-devel@6.0.41-19_patch_04.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product": {
"name": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_id": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-docs-webapp@6.0.41-19_patch_04.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product": {
"name": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_id": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-webapps@6.0.41-19_patch_04.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product": {
"name": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_id": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.41-19_patch_04.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product": {
"name": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_id": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-servlet-2.5-api@6.0.41-19_patch_04.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product": {
"name": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_id": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-el-2.1-api@6.0.41-19_patch_04.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product": {
"name": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_id": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-log4j@6.0.41-19_patch_04.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product": {
"name": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_id": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-admin-webapps@6.0.41-19_patch_04.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product": {
"name": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_id": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-jsp-2.1-api@6.0.41-19_patch_04.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product": {
"name": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_id": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-lib@6.0.41-19_patch_04.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product": {
"name": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_id": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-javadoc@6.0.41-19_patch_04.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.54-28_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-lib@7.0.54-28_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.54-28_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.54-28_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.54-28_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.54-28_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.54-28_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.54-28_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-el-2.2-api@7.0.54-28_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.54-28_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-maven-devel@7.0.54-28_patch_05.ep6.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386"
},
"product_reference": "httpd-0:2.2.26-57.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.26-57.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src"
},
"product_reference": "httpd-0:2.2.26-57.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64"
},
"product_reference": "httpd-0:2.2.26-57.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386"
},
"product_reference": "httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386"
},
"product_reference": "httpd-devel-0:2.2.26-57.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64"
},
"product_reference": "httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386"
},
"product_reference": "httpd-manual-0:2.2.26-57.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64"
},
"product_reference": "httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386"
},
"product_reference": "httpd-tools-0:2.2.26-57.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64"
},
"product_reference": "httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386"
},
"product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src"
},
"product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64"
},
"product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386"
},
"product_reference": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64"
},
"product_reference": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386"
},
"product_reference": "mod_ldap-0:2.2.26-57.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64"
},
"product_reference": "mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386"
},
"product_reference": "mod_ssl-1:2.2.26-57.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64"
},
"product_reference": "mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch"
},
"product_reference": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src"
},
"product_reference": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch"
},
"product_reference": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch"
},
"product_reference": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch"
},
"product_reference": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch"
},
"product_reference": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch"
},
"product_reference": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch"
},
"product_reference": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch"
},
"product_reference": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch"
},
"product_reference": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch"
},
"product_reference": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch"
},
"product_reference": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src"
},
"product_reference": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-0:2.2.26-58.ep6.el7.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src"
},
"product_reference": "httpd22-0:2.2.26-58.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64"
},
"product_reference": "httpd22-0:2.2.26-58.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64"
},
"product_reference": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-devel-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64"
},
"product_reference": "httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-manual-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64"
},
"product_reference": "httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-tools-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64"
},
"product_reference": "httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src"
},
"product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64"
},
"product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64"
},
"product_reference": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap22-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64"
},
"product_reference": "mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl22-1:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64"
},
"product_reference": "mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch"
},
"product_reference": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src"
},
"product_reference": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch"
},
"product_reference": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch"
},
"product_reference": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch"
},
"product_reference": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch"
},
"product_reference": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch"
},
"product_reference": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch"
},
"product_reference": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch"
},
"product_reference": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch"
},
"product_reference": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch"
},
"product_reference": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch"
},
"product_reference": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src"
},
"product_reference": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"OpenVPN"
]
},
{
"names": [
"Karthikeyan Bhargavan",
"Ga\u00ebtan Leurent"
],
"organization": "Inria",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-2183",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2016-08-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1369383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenSSL security update RHSA-2016:1940 mitigates this issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.\n\nNSS addressed this issue by implementing limits on the amount of plain text which can be encrypted by using the same key. Once the limit is reached, the keys will need to be re-negotiated manually. This change will be available in nss-3.27.\n\nGnuTLS is not affected by this issue, since it prioritizes AES before 3DES in the cipher list.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2183"
},
{
"category": "external",
"summary": "RHBZ#1369383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/2548661",
"url": "https://access.redhat.com/articles/2548661"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2016:1940",
"url": "https://access.redhat.com/errata/RHSA-2016:1940"
},
{
"category": "external",
"summary": "https://sweet32.info/",
"url": "https://sweet32.info/"
}
],
"release_date": "2016-08-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-02T19:15:44+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"category": "workaround",
"details": "1.SSL/TLS configurations should prefer AES over DES. Versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7 already do so. In the version of OpenSSL shipped with Red Hat Enterprise Linux 5, 3DES is listed below the AES-256 cipher and above the AES-128 cipher, therefore AES-256 based ciphersuite should not be disabled on the server.\n2. Servers using OpenSSL, should not disable AES-128 and AES-256 ciphersuites. Versions of Apache shipped with Red Hat Enterprise Linux use the default cipher string, in which AES is preferred over DES/3DES based ciphersuites.\n\nFor JBoss Middleware, and Java mitigations, please review this knowledge base article:\n\nhttps://access.redhat.com/articles/2598471\n\nThis can be mitigated on OpenShift Container Platform (OCP) by disabling the vulnerable TLS cipher suite in the applicable component. TLS configuration options for OCP are described here:\n\nhttps://access.redhat.com/articles/5348961",
"product_ids": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)"
},
{
"cve": "CVE-2017-9788",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"discovery_date": "2017-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1470748"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Uninitialized memory reflection in mod_auth_digest",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9788"
},
{
"category": "external",
"summary": "RHBZ#1470748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9788",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9788"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27"
}
],
"release_date": "2017-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-02T19:15:44+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"category": "workaround",
"details": "If you do not use digest authentication, do not load the \"auth_digest_module\".\n\nFor example, on RHEL 7, this can be done by commenting out or removing the\n\"LoadModule auth_digest_module modules/mod_auth_digest.so\"\nline within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service.\n\nYou can then use the \"httpd -t -D DUMP_MODULES\" command to verify that the module is no longer loaded.",
"product_ids": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "httpd: Uninitialized memory reflection in mod_auth_digest"
},
{
"acknowledgments": [
{
"names": [
"Hanno B\u00f6ck"
]
}
],
"cve": "CVE-2017-9798",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2017-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1490344"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of httpd24-httpd as shipped with Red Hat Software Collections. Product Security has rated this issue as having Moderate security impact.\n\nIn order to be vulnerable, .htaccess files need to contain an invalid or not globally registered HTTP method in a \"Limit\" directive.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9798"
},
{
"category": "external",
"summary": "RHBZ#1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9798",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798"
},
{
"category": "external",
"summary": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
}
],
"release_date": "2017-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-02T19:15:44+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"category": "workaround",
"details": "This issue can be mitigated by configuring httpd to disallow the use of the \"Limit\" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the \"AllowOverride\" directive. Refer to Red Hat Bugzilla bug 1490344 for further details:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18",
"product_ids": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)"
},
{
"cve": "CVE-2017-12615",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-09-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1493220"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Remote Code Execution via JSP Upload",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects Tomcat on Red Hat Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12615"
},
{
"category": "external",
"summary": "RHBZ#1493220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12615",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12615"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2017-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-02T19:15:44+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"category": "workaround",
"details": "Ensure that readonly is set to true (the default) for the DefaultServlet, WebDAV servlet or application context.\n\nBlock HTTP methods that permit resource modification for untrusted users.",
"product_ids": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Remote Code Execution via JSP Upload"
},
{
"cve": "CVE-2017-12617",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-09-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1494283"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Remote Code Execution bypass for CVE-2017-12615",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects Tomcat on Red Hat Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12617"
},
{
"category": "external",
"summary": "RHBZ#1494283",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494283"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12617",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12617"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12617",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12617"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html",
"url": "https://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html",
"url": "https://tomcat.apache.org/security-8.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2017-09-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-02T19:15:44+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"category": "workaround",
"details": "Ensure that readonly is set to true (the default) for the DefaultServlet, WebDAV servlet or application context.\n\nBlock HTTP methods that permit resource modification for untrusted users.",
"product_ids": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Remote Code Execution bypass for CVE-2017-12615"
}
]
}
rhsa-2017:3114
Vulnerability from csaf_redhat
Published
2017-11-02 19:04
Modified
2025-08-16 00:56
Summary
Red Hat Security Advisory: Red Hat JBoss Web Server security and bug fix update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Web Server 2.1.2.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
This release provides an update to httpd, OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2. The updates are documented in the Release Notes document linked to in the References.
This release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as a update for Red Hat JBoss Web Server 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References.
Users of Red Hat JBoss Web Server 2 should upgrade to these updated packages, which resolve several security issues
Security Fix(es):
* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)
* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615)
* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617)
* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)
* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)
Red Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno Böck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Gaëtan Leurent (Inria) as the original reporters of CVE-2016-2183.
Bug Fix(es):
* Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1338640)
* mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1448709)
* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075)
* The jboss-ews-application-servers zip README contains incomplete description of fixed CVEs (BZ#1497953)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Web Server 2.1.2.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nThis release provides an update to httpd, OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2. The updates are documented in the Release Notes document linked to in the References.\n\nThis release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as a update for Red Hat JBoss Web Server 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nUsers of Red Hat JBoss Web Server 2 should upgrade to these updated packages, which resolve several security issues\n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615)\n\n* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617)\n\n* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno B\u00f6ck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Ga\u00ebtan Leurent (Inria) as the original reporters of CVE-2016-2183.\n\nBug Fix(es):\n\n* Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1338640)\n\n* mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1448709)\n\n* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075)\n\n* The jboss-ews-application-servers zip README contains incomplete description of fixed CVEs (BZ#1497953)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:3114",
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=securityPatches\u0026version=2.1.2",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=securityPatches\u0026version=2.1.2"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/3227901",
"url": "https://access.redhat.com/articles/3227901"
},
{
"category": "external",
"summary": "1369383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"category": "external",
"summary": "1470748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748"
},
{
"category": "external",
"summary": "1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "external",
"summary": "1493075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493075"
},
{
"category": "external",
"summary": "1493220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493220"
},
{
"category": "external",
"summary": "1494283",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494283"
},
{
"category": "external",
"summary": "1497953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1497953"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3114.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server security and bug fix update",
"tracking": {
"current_release_date": "2025-08-16T00:56:36+00:00",
"generator": {
"date": "2025-08-16T00:56:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2017:3114",
"initial_release_date": "2017-11-02T19:04:48+00:00",
"revision_history": [
{
"date": "2017-11-02T19:04:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-11-02T19:04:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-16T00:56:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 2.1",
"product": {
"name": "Red Hat JBoss Web Server 2.1",
"product_id": "Red Hat JBoss Web Server 2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"OpenVPN"
]
},
{
"names": [
"Karthikeyan Bhargavan",
"Ga\u00ebtan Leurent"
],
"organization": "Inria",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-2183",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2016-08-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1369383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenSSL security update RHSA-2016:1940 mitigates this issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.\n\nNSS addressed this issue by implementing limits on the amount of plain text which can be encrypted by using the same key. Once the limit is reached, the keys will need to be re-negotiated manually. This change will be available in nss-3.27.\n\nGnuTLS is not affected by this issue, since it prioritizes AES before 3DES in the cipher list.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2183"
},
{
"category": "external",
"summary": "RHBZ#1369383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/2548661",
"url": "https://access.redhat.com/articles/2548661"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2016:1940",
"url": "https://access.redhat.com/errata/RHSA-2016:1940"
},
{
"category": "external",
"summary": "https://sweet32.info/",
"url": "https://sweet32.info/"
}
],
"release_date": "2016-08-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-02T19:04:48+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"category": "workaround",
"details": "1.SSL/TLS configurations should prefer AES over DES. Versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7 already do so. In the version of OpenSSL shipped with Red Hat Enterprise Linux 5, 3DES is listed below the AES-256 cipher and above the AES-128 cipher, therefore AES-256 based ciphersuite should not be disabled on the server.\n2. Servers using OpenSSL, should not disable AES-128 and AES-256 ciphersuites. Versions of Apache shipped with Red Hat Enterprise Linux use the default cipher string, in which AES is preferred over DES/3DES based ciphersuites.\n\nFor JBoss Middleware, and Java mitigations, please review this knowledge base article:\n\nhttps://access.redhat.com/articles/2598471\n\nThis can be mitigated on OpenShift Container Platform (OCP) by disabling the vulnerable TLS cipher suite in the applicable component. TLS configuration options for OCP are described here:\n\nhttps://access.redhat.com/articles/5348961",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)"
},
{
"cve": "CVE-2017-9788",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"discovery_date": "2017-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1470748"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Uninitialized memory reflection in mod_auth_digest",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9788"
},
{
"category": "external",
"summary": "RHBZ#1470748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9788",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9788"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27"
}
],
"release_date": "2017-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-02T19:04:48+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"category": "workaround",
"details": "If you do not use digest authentication, do not load the \"auth_digest_module\".\n\nFor example, on RHEL 7, this can be done by commenting out or removing the\n\"LoadModule auth_digest_module modules/mod_auth_digest.so\"\nline within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service.\n\nYou can then use the \"httpd -t -D DUMP_MODULES\" command to verify that the module is no longer loaded.",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "httpd: Uninitialized memory reflection in mod_auth_digest"
},
{
"acknowledgments": [
{
"names": [
"Hanno B\u00f6ck"
]
}
],
"cve": "CVE-2017-9798",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2017-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1490344"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of httpd24-httpd as shipped with Red Hat Software Collections. Product Security has rated this issue as having Moderate security impact.\n\nIn order to be vulnerable, .htaccess files need to contain an invalid or not globally registered HTTP method in a \"Limit\" directive.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9798"
},
{
"category": "external",
"summary": "RHBZ#1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9798",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798"
},
{
"category": "external",
"summary": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
}
],
"release_date": "2017-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-02T19:04:48+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"category": "workaround",
"details": "This issue can be mitigated by configuring httpd to disallow the use of the \"Limit\" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the \"AllowOverride\" directive. Refer to Red Hat Bugzilla bug 1490344 for further details:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)"
},
{
"cve": "CVE-2017-12615",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-09-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1493220"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Remote Code Execution via JSP Upload",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects Tomcat on Red Hat Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12615"
},
{
"category": "external",
"summary": "RHBZ#1493220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12615",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12615"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2017-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-02T19:04:48+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"category": "workaround",
"details": "Ensure that readonly is set to true (the default) for the DefaultServlet, WebDAV servlet or application context.\n\nBlock HTTP methods that permit resource modification for untrusted users.",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Remote Code Execution via JSP Upload"
},
{
"cve": "CVE-2017-12617",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-09-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1494283"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Remote Code Execution bypass for CVE-2017-12615",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects Tomcat on Red Hat Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12617"
},
{
"category": "external",
"summary": "RHBZ#1494283",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494283"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12617",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12617"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12617",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12617"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html",
"url": "https://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html",
"url": "https://tomcat.apache.org/security-8.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2017-09-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-02T19:04:48+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"category": "workaround",
"details": "Ensure that readonly is set to true (the default) for the DefaultServlet, WebDAV servlet or application context.\n\nBlock HTTP methods that permit resource modification for untrusted users.",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Remote Code Execution bypass for CVE-2017-12615"
}
]
}
suse-su-2017:2907-1
Vulnerability from csaf_suse
Published
2017-10-30 14:55
Modified
2017-10-30 14:55
Summary
Security update for apache2
Notes
Title of the patch
Security update for apache2
Description of the patch
This update for apache2 fixes the following issues:
- Allow disabling SNI on proxy connections using 'SetEnv proxy-disable-sni 1' in the configuration files. (bsc#1052830)
- Allow ECDH again in mod_ssl, it had been incorrectly disabled with the 2.2.34 update. (bsc#1064561)
Following security issue has been fixed:
- CVE-2017-9798: A use-after-free in the OPTIONS command could be used by attackers to disclose memory of the apache server process, when htaccess uses incorrect Limit statement. (bsc#1058058)
Additionally, references to the following security issues, fixed by the previous version-update of apache2
to Apache HTTPD 2.2.34 have been added:
- CVE-2017-7668: The HTTP strict parsing introduced a bug in token list parsing, which allowed ap_find_token() to
search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may
have be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. (bsc#1045061)
- CVE-2017-3169: mod_ssl may have de-referenced a NULL pointer when third-party modules call
ap_hook_process_connection() during an HTTP request to an HTTPS port allowing for DoS. (bsc#1045062)
- CVE-2017-3167: Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may have
lead to authentication requirements being bypassed. (bsc#1045065)
- CVE-2017-7679: mod_mime could have read one byte past the end of a buffer when sending a malicious Content-Type
response header. (bsc#1045060)
Patchnames
sdksp4-apache2-13331,sleposp3-apache2-13331,slessp3-apache2-13331,slessp4-apache2-13331,slestso13-apache2-13331
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache2 fixes the following issues:\n\n- Allow disabling SNI on proxy connections using \u0027SetEnv proxy-disable-sni 1\u0027 in the configuration files. (bsc#1052830)\n- Allow ECDH again in mod_ssl, it had been incorrectly disabled with the 2.2.34 update. (bsc#1064561)\n\nFollowing security issue has been fixed:\n\n- CVE-2017-9798: A use-after-free in the OPTIONS command could be used by attackers to disclose memory of the apache server process, when htaccess uses incorrect Limit statement. (bsc#1058058)\n\nAdditionally, references to the following security issues, fixed by the previous version-update of apache2\nto Apache HTTPD 2.2.34 have been added:\n\n- CVE-2017-7668: The HTTP strict parsing introduced a bug in token list parsing, which allowed ap_find_token() to\n search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may\n have be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. (bsc#1045061)\n- CVE-2017-3169: mod_ssl may have de-referenced a NULL pointer when third-party modules call \n ap_hook_process_connection() during an HTTP request to an HTTPS port allowing for DoS. (bsc#1045062)\n- CVE-2017-3167: Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may have\n lead to authentication requirements being bypassed. (bsc#1045065)\n- CVE-2017-7679: mod_mime could have read one byte past the end of a buffer when sending a malicious Content-Type\n response header. (bsc#1045060)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp4-apache2-13331,sleposp3-apache2-13331,slessp3-apache2-13331,slessp4-apache2-13331,slestso13-apache2-13331",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2907-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:2907-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172907-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:2907-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-October/003365.html"
},
{
"category": "self",
"summary": "SUSE Bug 1045060",
"url": "https://bugzilla.suse.com/1045060"
},
{
"category": "self",
"summary": "SUSE Bug 1045061",
"url": "https://bugzilla.suse.com/1045061"
},
{
"category": "self",
"summary": "SUSE Bug 1045062",
"url": "https://bugzilla.suse.com/1045062"
},
{
"category": "self",
"summary": "SUSE Bug 1045065",
"url": "https://bugzilla.suse.com/1045065"
},
{
"category": "self",
"summary": "SUSE Bug 1052830",
"url": "https://bugzilla.suse.com/1052830"
},
{
"category": "self",
"summary": "SUSE Bug 1058058",
"url": "https://bugzilla.suse.com/1058058"
},
{
"category": "self",
"summary": "SUSE Bug 1064561",
"url": "https://bugzilla.suse.com/1064561"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-2699 page",
"url": "https://www.suse.com/security/cve/CVE-2009-2699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2010-0425 page",
"url": "https://www.suse.com/security/cve/CVE-2010-0425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-0021 page",
"url": "https://www.suse.com/security/cve/CVE-2012-0021/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-0118 page",
"url": "https://www.suse.com/security/cve/CVE-2014-0118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-3167 page",
"url": "https://www.suse.com/security/cve/CVE-2017-3167/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-3169 page",
"url": "https://www.suse.com/security/cve/CVE-2017-3169/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7668 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7679 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7679/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9798 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9798/"
}
],
"title": "Security update for apache2",
"tracking": {
"current_release_date": "2017-10-30T14:55:59Z",
"generator": {
"date": "2017-10-30T14:55:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:2907-1",
"initial_release_date": "2017-10-30T14:55:59Z",
"revision_history": [
{
"date": "2017-10-30T14:55:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.2.34-70.12.1.i586",
"product": {
"name": "apache2-2.2.34-70.12.1.i586",
"product_id": "apache2-2.2.34-70.12.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.2.34-70.12.1.i586",
"product": {
"name": "apache2-devel-2.2.34-70.12.1.i586",
"product_id": "apache2-devel-2.2.34-70.12.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-doc-2.2.34-70.12.1.i586",
"product": {
"name": "apache2-doc-2.2.34-70.12.1.i586",
"product_id": "apache2-doc-2.2.34-70.12.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.2.34-70.12.1.i586",
"product": {
"name": "apache2-example-pages-2.2.34-70.12.1.i586",
"product_id": "apache2-example-pages-2.2.34-70.12.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.2.34-70.12.1.i586",
"product": {
"name": "apache2-prefork-2.2.34-70.12.1.i586",
"product_id": "apache2-prefork-2.2.34-70.12.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.2.34-70.12.1.i586",
"product": {
"name": "apache2-utils-2.2.34-70.12.1.i586",
"product_id": "apache2-utils-2.2.34-70.12.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.2.34-70.12.1.i586",
"product": {
"name": "apache2-worker-2.2.34-70.12.1.i586",
"product_id": "apache2-worker-2.2.34-70.12.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.2.34-70.12.1.ia64",
"product": {
"name": "apache2-devel-2.2.34-70.12.1.ia64",
"product_id": "apache2-devel-2.2.34-70.12.1.ia64"
}
},
{
"category": "product_version",
"name": "apache2-2.2.34-70.12.1.ia64",
"product": {
"name": "apache2-2.2.34-70.12.1.ia64",
"product_id": "apache2-2.2.34-70.12.1.ia64"
}
},
{
"category": "product_version",
"name": "apache2-doc-2.2.34-70.12.1.ia64",
"product": {
"name": "apache2-doc-2.2.34-70.12.1.ia64",
"product_id": "apache2-doc-2.2.34-70.12.1.ia64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.2.34-70.12.1.ia64",
"product": {
"name": "apache2-example-pages-2.2.34-70.12.1.ia64",
"product_id": "apache2-example-pages-2.2.34-70.12.1.ia64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.2.34-70.12.1.ia64",
"product": {
"name": "apache2-prefork-2.2.34-70.12.1.ia64",
"product_id": "apache2-prefork-2.2.34-70.12.1.ia64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.2.34-70.12.1.ia64",
"product": {
"name": "apache2-utils-2.2.34-70.12.1.ia64",
"product_id": "apache2-utils-2.2.34-70.12.1.ia64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.2.34-70.12.1.ia64",
"product": {
"name": "apache2-worker-2.2.34-70.12.1.ia64",
"product_id": "apache2-worker-2.2.34-70.12.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.2.34-70.12.1.ppc64",
"product": {
"name": "apache2-devel-2.2.34-70.12.1.ppc64",
"product_id": "apache2-devel-2.2.34-70.12.1.ppc64"
}
},
{
"category": "product_version",
"name": "apache2-2.2.34-70.12.1.ppc64",
"product": {
"name": "apache2-2.2.34-70.12.1.ppc64",
"product_id": "apache2-2.2.34-70.12.1.ppc64"
}
},
{
"category": "product_version",
"name": "apache2-doc-2.2.34-70.12.1.ppc64",
"product": {
"name": "apache2-doc-2.2.34-70.12.1.ppc64",
"product_id": "apache2-doc-2.2.34-70.12.1.ppc64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.2.34-70.12.1.ppc64",
"product": {
"name": "apache2-example-pages-2.2.34-70.12.1.ppc64",
"product_id": "apache2-example-pages-2.2.34-70.12.1.ppc64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.2.34-70.12.1.ppc64",
"product": {
"name": "apache2-prefork-2.2.34-70.12.1.ppc64",
"product_id": "apache2-prefork-2.2.34-70.12.1.ppc64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.2.34-70.12.1.ppc64",
"product": {
"name": "apache2-utils-2.2.34-70.12.1.ppc64",
"product_id": "apache2-utils-2.2.34-70.12.1.ppc64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.2.34-70.12.1.ppc64",
"product": {
"name": "apache2-worker-2.2.34-70.12.1.ppc64",
"product_id": "apache2-worker-2.2.34-70.12.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.2.34-70.12.1.s390x",
"product": {
"name": "apache2-devel-2.2.34-70.12.1.s390x",
"product_id": "apache2-devel-2.2.34-70.12.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-2.2.34-70.12.1.s390x",
"product": {
"name": "apache2-2.2.34-70.12.1.s390x",
"product_id": "apache2-2.2.34-70.12.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-doc-2.2.34-70.12.1.s390x",
"product": {
"name": "apache2-doc-2.2.34-70.12.1.s390x",
"product_id": "apache2-doc-2.2.34-70.12.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.2.34-70.12.1.s390x",
"product": {
"name": "apache2-example-pages-2.2.34-70.12.1.s390x",
"product_id": "apache2-example-pages-2.2.34-70.12.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.2.34-70.12.1.s390x",
"product": {
"name": "apache2-prefork-2.2.34-70.12.1.s390x",
"product_id": "apache2-prefork-2.2.34-70.12.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.2.34-70.12.1.s390x",
"product": {
"name": "apache2-utils-2.2.34-70.12.1.s390x",
"product_id": "apache2-utils-2.2.34-70.12.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.2.34-70.12.1.s390x",
"product": {
"name": "apache2-worker-2.2.34-70.12.1.s390x",
"product_id": "apache2-worker-2.2.34-70.12.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.2.34-70.12.1.x86_64",
"product": {
"name": "apache2-2.2.34-70.12.1.x86_64",
"product_id": "apache2-2.2.34-70.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.2.34-70.12.1.x86_64",
"product": {
"name": "apache2-devel-2.2.34-70.12.1.x86_64",
"product_id": "apache2-devel-2.2.34-70.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-doc-2.2.34-70.12.1.x86_64",
"product": {
"name": "apache2-doc-2.2.34-70.12.1.x86_64",
"product_id": "apache2-doc-2.2.34-70.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.2.34-70.12.1.x86_64",
"product": {
"name": "apache2-example-pages-2.2.34-70.12.1.x86_64",
"product_id": "apache2-example-pages-2.2.34-70.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.2.34-70.12.1.x86_64",
"product": {
"name": "apache2-prefork-2.2.34-70.12.1.x86_64",
"product_id": "apache2-prefork-2.2.34-70.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.2.34-70.12.1.x86_64",
"product": {
"name": "apache2-utils-2.2.34-70.12.1.x86_64",
"product_id": "apache2-utils-2.2.34-70.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.2.34-70.12.1.x86_64",
"product": {
"name": "apache2-worker-2.2.34-70.12.1.x86_64",
"product_id": "apache2-worker-2.2.34-70.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-pos:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles_ltss:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:11:sp3:teradata"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Studio Onsite 1.3",
"product": {
"name": "SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-studioonsite:1.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-devel-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.2.34-70.12.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ia64"
},
"product_reference": "apache2-devel-2.2.34-70.12.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.2.34-70.12.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ppc64"
},
"product_reference": "apache2-devel-2.2.34-70.12.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-devel-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-devel-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-doc-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-doc-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-example-pages-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-example-pages-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-prefork-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-prefork-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-utils-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-utils-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-worker-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-worker-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-devel-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-doc-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-example-pages-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-prefork-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-utils-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-worker-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-devel-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-devel-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-devel-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-doc-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-doc-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-doc-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-example-pages-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-example-pages-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-example-pages-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-prefork-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-prefork-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-prefork-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-utils-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-utils-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-utils-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-worker-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-worker-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-worker-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-devel-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-devel-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-devel-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-doc-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-doc-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-doc-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-example-pages-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-example-pages-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-example-pages-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-prefork-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-prefork-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-prefork-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-utils-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-utils-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-utils-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-worker-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-worker-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-worker-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.12.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ia64"
},
"product_reference": "apache2-2.2.34-70.12.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.12.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ppc64"
},
"product_reference": "apache2-2.2.34-70.12.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-doc-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.12.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ia64"
},
"product_reference": "apache2-doc-2.2.34-70.12.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.12.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64"
},
"product_reference": "apache2-doc-2.2.34-70.12.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-doc-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-doc-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-example-pages-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.12.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64"
},
"product_reference": "apache2-example-pages-2.2.34-70.12.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.12.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64"
},
"product_reference": "apache2-example-pages-2.2.34-70.12.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-example-pages-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-example-pages-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-prefork-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.12.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64"
},
"product_reference": "apache2-prefork-2.2.34-70.12.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.12.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64"
},
"product_reference": "apache2-prefork-2.2.34-70.12.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-prefork-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-prefork-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-utils-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.12.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ia64"
},
"product_reference": "apache2-utils-2.2.34-70.12.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.12.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64"
},
"product_reference": "apache2-utils-2.2.34-70.12.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-utils-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-utils-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-worker-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.12.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ia64"
},
"product_reference": "apache2-worker-2.2.34-70.12.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.12.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64"
},
"product_reference": "apache2-worker-2.2.34-70.12.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-worker-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-worker-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.12.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ia64"
},
"product_reference": "apache2-2.2.34-70.12.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.12.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ppc64"
},
"product_reference": "apache2-2.2.34-70.12.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-doc-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.12.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ia64"
},
"product_reference": "apache2-doc-2.2.34-70.12.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.12.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64"
},
"product_reference": "apache2-doc-2.2.34-70.12.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-doc-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-doc-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-example-pages-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.12.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64"
},
"product_reference": "apache2-example-pages-2.2.34-70.12.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.12.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64"
},
"product_reference": "apache2-example-pages-2.2.34-70.12.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-example-pages-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-example-pages-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-prefork-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.12.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64"
},
"product_reference": "apache2-prefork-2.2.34-70.12.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.12.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64"
},
"product_reference": "apache2-prefork-2.2.34-70.12.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-prefork-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-prefork-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-utils-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.12.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ia64"
},
"product_reference": "apache2-utils-2.2.34-70.12.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.12.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64"
},
"product_reference": "apache2-utils-2.2.34-70.12.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-utils-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-utils-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.12.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.i586"
},
"product_reference": "apache2-worker-2.2.34-70.12.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.12.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ia64"
},
"product_reference": "apache2-worker-2.2.34-70.12.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.12.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64"
},
"product_reference": "apache2-worker-2.2.34-70.12.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.12.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.s390x"
},
"product_reference": "apache2-worker-2.2.34-70.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.12.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-worker-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.2.34-70.12.1.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.12.1.x86_64"
},
"product_reference": "apache2-devel-2.2.34-70.12.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-2699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-2699"
}
],
"notes": [
{
"category": "general",
"text": "The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-2699",
"url": "https://www.suse.com/security/cve/CVE-2009-2699"
},
{
"category": "external",
"summary": "SUSE Bug 1078450 for CVE-2009-2699",
"url": "https://bugzilla.suse.com/1078450"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-10-30T14:55:59Z",
"details": "important"
}
],
"title": "CVE-2009-2699"
},
{
"cve": "CVE-2010-0425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2010-0425"
}
],
"notes": [
{
"category": "general",
"text": "modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and \"orphaned callback pointers.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2010-0425",
"url": "https://www.suse.com/security/cve/CVE-2010-0425"
},
{
"category": "external",
"summary": "SUSE Bug 1078450 for CVE-2010-0425",
"url": "https://bugzilla.suse.com/1078450"
},
{
"category": "external",
"summary": "SUSE Bug 586572 for CVE-2010-0425",
"url": "https://bugzilla.suse.com/586572"
},
{
"category": "external",
"summary": "SUSE Bug 601151 for CVE-2010-0425",
"url": "https://bugzilla.suse.com/601151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-10-30T14:55:59Z",
"details": "critical"
}
],
"title": "CVE-2010-0425"
},
{
"cve": "CVE-2012-0021",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-0021"
}
],
"notes": [
{
"category": "general",
"text": "The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-0021",
"url": "https://www.suse.com/security/cve/CVE-2012-0021"
},
{
"category": "external",
"summary": "SUSE Bug 1078450 for CVE-2012-0021",
"url": "https://bugzilla.suse.com/1078450"
},
{
"category": "external",
"summary": "SUSE Bug 743744 for CVE-2012-0021",
"url": "https://bugzilla.suse.com/743744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-10-30T14:55:59Z",
"details": "moderate"
}
],
"title": "CVE-2012-0021"
},
{
"cve": "CVE-2014-0118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-0118"
}
],
"notes": [
{
"category": "general",
"text": "The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-0118",
"url": "https://www.suse.com/security/cve/CVE-2014-0118"
},
{
"category": "external",
"summary": "SUSE Bug 1078450 for CVE-2014-0118",
"url": "https://bugzilla.suse.com/1078450"
},
{
"category": "external",
"summary": "SUSE Bug 887769 for CVE-2014-0118",
"url": "https://bugzilla.suse.com/887769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-10-30T14:55:59Z",
"details": "moderate"
}
],
"title": "CVE-2014-0118"
},
{
"cve": "CVE-2017-3167",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-3167"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-3167",
"url": "https://www.suse.com/security/cve/CVE-2017-3167"
},
{
"category": "external",
"summary": "SUSE Bug 1045065 for CVE-2017-3167",
"url": "https://bugzilla.suse.com/1045065"
},
{
"category": "external",
"summary": "SUSE Bug 1078450 for CVE-2017-3167",
"url": "https://bugzilla.suse.com/1078450"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-10-30T14:55:59Z",
"details": "important"
}
],
"title": "CVE-2017-3167"
},
{
"cve": "CVE-2017-3169",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-3169"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-3169",
"url": "https://www.suse.com/security/cve/CVE-2017-3169"
},
{
"category": "external",
"summary": "SUSE Bug 1045062 for CVE-2017-3169",
"url": "https://bugzilla.suse.com/1045062"
},
{
"category": "external",
"summary": "SUSE Bug 1078450 for CVE-2017-3169",
"url": "https://bugzilla.suse.com/1078450"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-10-30T14:55:59Z",
"details": "moderate"
}
],
"title": "CVE-2017-3169"
},
{
"cve": "CVE-2017-7668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7668"
}
],
"notes": [
{
"category": "general",
"text": "The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7668",
"url": "https://www.suse.com/security/cve/CVE-2017-7668"
},
{
"category": "external",
"summary": "SUSE Bug 1045061 for CVE-2017-7668",
"url": "https://bugzilla.suse.com/1045061"
},
{
"category": "external",
"summary": "SUSE Bug 1078450 for CVE-2017-7668",
"url": "https://bugzilla.suse.com/1078450"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-10-30T14:55:59Z",
"details": "critical"
}
],
"title": "CVE-2017-7668"
},
{
"cve": "CVE-2017-7679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7679"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7679",
"url": "https://www.suse.com/security/cve/CVE-2017-7679"
},
{
"category": "external",
"summary": "SUSE Bug 1045060 for CVE-2017-7679",
"url": "https://bugzilla.suse.com/1045060"
},
{
"category": "external",
"summary": "SUSE Bug 1057861 for CVE-2017-7679",
"url": "https://bugzilla.suse.com/1057861"
},
{
"category": "external",
"summary": "SUSE Bug 1078450 for CVE-2017-7679",
"url": "https://bugzilla.suse.com/1078450"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-10-30T14:55:59Z",
"details": "moderate"
}
],
"title": "CVE-2017-7679"
},
{
"cve": "CVE-2017-9798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9798"
}
],
"notes": [
{
"category": "general",
"text": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user\u0027s .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9798",
"url": "https://www.suse.com/security/cve/CVE-2017-9798"
},
{
"category": "external",
"summary": "SUSE Bug 1058058 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1058058"
},
{
"category": "external",
"summary": "SUSE Bug 1060757 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1060757"
},
{
"category": "external",
"summary": "SUSE Bug 1077582 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1077582"
},
{
"category": "external",
"summary": "SUSE Bug 1078450 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1078450"
},
{
"category": "external",
"summary": "SUSE Bug 1089997 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1089997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.12.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-10-30T14:55:59Z",
"details": "moderate"
}
],
"title": "CVE-2017-9798"
}
]
}
suse-su-2017:2542-1
Vulnerability from csaf_suse
Published
2017-09-21 13:32
Modified
2017-09-21 13:32
Summary
Security update for apache2
Notes
Title of the patch
Security update for apache2
Description of the patch
This update for apache2 fixes the following security issue:
- CVE-2017-9798: Prevent use-after-free use of memory that allowed for an
information leak via OPTIONS (bsc#1058058).
Patchnames
SUSE-SLE-RPI-12-SP2-2017-1572,SUSE-SLE-SDK-12-SP2-2017-1572,SUSE-SLE-SDK-12-SP3-2017-1572,SUSE-SLE-SERVER-12-SP2-2017-1572,SUSE-SLE-SERVER-12-SP3-2017-1572
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache2 fixes the following security issue:\n\n- CVE-2017-9798: Prevent use-after-free use of memory that allowed for an\n information leak via OPTIONS (bsc#1058058).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-RPI-12-SP2-2017-1572,SUSE-SLE-SDK-12-SP2-2017-1572,SUSE-SLE-SDK-12-SP3-2017-1572,SUSE-SLE-SERVER-12-SP2-2017-1572,SUSE-SLE-SERVER-12-SP3-2017-1572",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2542-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:2542-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172542-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:2542-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-September/003254.html"
},
{
"category": "self",
"summary": "SUSE Bug 1058058",
"url": "https://bugzilla.suse.com/1058058"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9798 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9798/"
}
],
"title": "Security update for apache2",
"tracking": {
"current_release_date": "2017-09-21T13:32:22Z",
"generator": {
"date": "2017-09-21T13:32:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:2542-1",
"initial_release_date": "2017-09-21T13:32:22Z",
"revision_history": [
{
"date": "2017-09-21T13:32:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.23-29.6.1.aarch64",
"product": {
"name": "apache2-2.4.23-29.6.1.aarch64",
"product_id": "apache2-2.4.23-29.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.23-29.6.1.aarch64",
"product": {
"name": "apache2-example-pages-2.4.23-29.6.1.aarch64",
"product_id": "apache2-example-pages-2.4.23-29.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.23-29.6.1.aarch64",
"product": {
"name": "apache2-prefork-2.4.23-29.6.1.aarch64",
"product_id": "apache2-prefork-2.4.23-29.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.23-29.6.1.aarch64",
"product": {
"name": "apache2-utils-2.4.23-29.6.1.aarch64",
"product_id": "apache2-utils-2.4.23-29.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.23-29.6.1.aarch64",
"product": {
"name": "apache2-worker-2.4.23-29.6.1.aarch64",
"product_id": "apache2-worker-2.4.23-29.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.23-29.6.1.aarch64",
"product": {
"name": "apache2-devel-2.4.23-29.6.1.aarch64",
"product_id": "apache2-devel-2.4.23-29.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-doc-2.4.23-29.6.1.noarch",
"product": {
"name": "apache2-doc-2.4.23-29.6.1.noarch",
"product_id": "apache2-doc-2.4.23-29.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.4.23-29.6.1.ppc64le",
"product": {
"name": "apache2-devel-2.4.23-29.6.1.ppc64le",
"product_id": "apache2-devel-2.4.23-29.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-2.4.23-29.6.1.ppc64le",
"product": {
"name": "apache2-2.4.23-29.6.1.ppc64le",
"product_id": "apache2-2.4.23-29.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.23-29.6.1.ppc64le",
"product": {
"name": "apache2-example-pages-2.4.23-29.6.1.ppc64le",
"product_id": "apache2-example-pages-2.4.23-29.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.23-29.6.1.ppc64le",
"product": {
"name": "apache2-prefork-2.4.23-29.6.1.ppc64le",
"product_id": "apache2-prefork-2.4.23-29.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.23-29.6.1.ppc64le",
"product": {
"name": "apache2-utils-2.4.23-29.6.1.ppc64le",
"product_id": "apache2-utils-2.4.23-29.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.23-29.6.1.ppc64le",
"product": {
"name": "apache2-worker-2.4.23-29.6.1.ppc64le",
"product_id": "apache2-worker-2.4.23-29.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.4.23-29.6.1.s390x",
"product": {
"name": "apache2-devel-2.4.23-29.6.1.s390x",
"product_id": "apache2-devel-2.4.23-29.6.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-2.4.23-29.6.1.s390x",
"product": {
"name": "apache2-2.4.23-29.6.1.s390x",
"product_id": "apache2-2.4.23-29.6.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.23-29.6.1.s390x",
"product": {
"name": "apache2-example-pages-2.4.23-29.6.1.s390x",
"product_id": "apache2-example-pages-2.4.23-29.6.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.23-29.6.1.s390x",
"product": {
"name": "apache2-prefork-2.4.23-29.6.1.s390x",
"product_id": "apache2-prefork-2.4.23-29.6.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.23-29.6.1.s390x",
"product": {
"name": "apache2-utils-2.4.23-29.6.1.s390x",
"product_id": "apache2-utils-2.4.23-29.6.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.23-29.6.1.s390x",
"product": {
"name": "apache2-worker-2.4.23-29.6.1.s390x",
"product_id": "apache2-worker-2.4.23-29.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.4.23-29.6.1.x86_64",
"product": {
"name": "apache2-devel-2.4.23-29.6.1.x86_64",
"product_id": "apache2-devel-2.4.23-29.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-2.4.23-29.6.1.x86_64",
"product": {
"name": "apache2-2.4.23-29.6.1.x86_64",
"product_id": "apache2-2.4.23-29.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.23-29.6.1.x86_64",
"product": {
"name": "apache2-example-pages-2.4.23-29.6.1.x86_64",
"product_id": "apache2-example-pages-2.4.23-29.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.23-29.6.1.x86_64",
"product": {
"name": "apache2-prefork-2.4.23-29.6.1.x86_64",
"product_id": "apache2-prefork-2.4.23-29.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.23-29.6.1.x86_64",
"product": {
"name": "apache2-utils-2.4.23-29.6.1.x86_64",
"product_id": "apache2-utils-2.4.23-29.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.23-29.6.1.x86_64",
"product": {
"name": "apache2-worker-2.4.23-29.6.1.x86_64",
"product_id": "apache2-worker-2.4.23-29.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-29.6.1.noarch as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-doc-2.4.23-29.6.1.noarch"
},
"product_reference": "apache2-doc-2.4.23-29.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-example-pages-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-example-pages-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-prefork-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-prefork-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-utils-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-utils-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-worker-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-worker-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-devel-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-29.6.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-29.6.1.ppc64le"
},
"product_reference": "apache2-devel-2.4.23-29.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-29.6.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-29.6.1.s390x"
},
"product_reference": "apache2-devel-2.4.23-29.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-29.6.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-29.6.1.x86_64"
},
"product_reference": "apache2-devel-2.4.23-29.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-devel-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-29.6.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.6.1.ppc64le"
},
"product_reference": "apache2-devel-2.4.23-29.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-29.6.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.6.1.s390x"
},
"product_reference": "apache2-devel-2.4.23-29.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-29.6.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.6.1.x86_64"
},
"product_reference": "apache2-devel-2.4.23-29.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-29.6.1.ppc64le"
},
"product_reference": "apache2-2.4.23-29.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-29.6.1.s390x"
},
"product_reference": "apache2-2.4.23-29.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-29.6.1.x86_64"
},
"product_reference": "apache2-2.4.23-29.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-29.6.1.noarch as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-doc-2.4.23-29.6.1.noarch"
},
"product_reference": "apache2-doc-2.4.23-29.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-example-pages-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-29.6.1.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.23-29.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-29.6.1.s390x"
},
"product_reference": "apache2-example-pages-2.4.23-29.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-29.6.1.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-29.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-prefork-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-29.6.1.ppc64le"
},
"product_reference": "apache2-prefork-2.4.23-29.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-29.6.1.s390x"
},
"product_reference": "apache2-prefork-2.4.23-29.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-29.6.1.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-29.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-utils-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-29.6.1.ppc64le"
},
"product_reference": "apache2-utils-2.4.23-29.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-29.6.1.s390x"
},
"product_reference": "apache2-utils-2.4.23-29.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-29.6.1.x86_64"
},
"product_reference": "apache2-utils-2.4.23-29.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-worker-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-29.6.1.ppc64le"
},
"product_reference": "apache2-worker-2.4.23-29.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-29.6.1.s390x"
},
"product_reference": "apache2-worker-2.4.23-29.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-29.6.1.x86_64"
},
"product_reference": "apache2-worker-2.4.23-29.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.6.1.ppc64le"
},
"product_reference": "apache2-2.4.23-29.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.6.1.s390x"
},
"product_reference": "apache2-2.4.23-29.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.6.1.x86_64"
},
"product_reference": "apache2-2.4.23-29.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-29.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.6.1.noarch"
},
"product_reference": "apache2-doc-2.4.23-29.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-example-pages-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.6.1.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.23-29.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.6.1.s390x"
},
"product_reference": "apache2-example-pages-2.4.23-29.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.6.1.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-29.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-prefork-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.6.1.ppc64le"
},
"product_reference": "apache2-prefork-2.4.23-29.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.6.1.s390x"
},
"product_reference": "apache2-prefork-2.4.23-29.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.6.1.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-29.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-utils-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.6.1.ppc64le"
},
"product_reference": "apache2-utils-2.4.23-29.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.6.1.s390x"
},
"product_reference": "apache2-utils-2.4.23-29.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.6.1.x86_64"
},
"product_reference": "apache2-utils-2.4.23-29.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-worker-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.6.1.ppc64le"
},
"product_reference": "apache2-worker-2.4.23-29.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.6.1.s390x"
},
"product_reference": "apache2-worker-2.4.23-29.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.6.1.x86_64"
},
"product_reference": "apache2-worker-2.4.23-29.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.6.1.ppc64le"
},
"product_reference": "apache2-2.4.23-29.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.6.1.s390x"
},
"product_reference": "apache2-2.4.23-29.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.6.1.x86_64"
},
"product_reference": "apache2-2.4.23-29.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-29.6.1.noarch as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.6.1.noarch"
},
"product_reference": "apache2-doc-2.4.23-29.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-example-pages-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.6.1.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.23-29.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.6.1.s390x"
},
"product_reference": "apache2-example-pages-2.4.23-29.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.6.1.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-29.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-prefork-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.6.1.ppc64le"
},
"product_reference": "apache2-prefork-2.4.23-29.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.6.1.s390x"
},
"product_reference": "apache2-prefork-2.4.23-29.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.6.1.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-29.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-utils-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.6.1.ppc64le"
},
"product_reference": "apache2-utils-2.4.23-29.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.6.1.s390x"
},
"product_reference": "apache2-utils-2.4.23-29.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.6.1.x86_64"
},
"product_reference": "apache2-utils-2.4.23-29.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-worker-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.6.1.ppc64le"
},
"product_reference": "apache2-worker-2.4.23-29.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.6.1.s390x"
},
"product_reference": "apache2-worker-2.4.23-29.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.6.1.x86_64"
},
"product_reference": "apache2-worker-2.4.23-29.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.6.1.ppc64le"
},
"product_reference": "apache2-2.4.23-29.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.6.1.s390x"
},
"product_reference": "apache2-2.4.23-29.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.6.1.x86_64"
},
"product_reference": "apache2-2.4.23-29.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-29.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.6.1.noarch"
},
"product_reference": "apache2-doc-2.4.23-29.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-example-pages-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.6.1.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.23-29.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.6.1.s390x"
},
"product_reference": "apache2-example-pages-2.4.23-29.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.6.1.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-29.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-prefork-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.6.1.ppc64le"
},
"product_reference": "apache2-prefork-2.4.23-29.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.6.1.s390x"
},
"product_reference": "apache2-prefork-2.4.23-29.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.6.1.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-29.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-utils-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.6.1.ppc64le"
},
"product_reference": "apache2-utils-2.4.23-29.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.6.1.s390x"
},
"product_reference": "apache2-utils-2.4.23-29.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.6.1.x86_64"
},
"product_reference": "apache2-utils-2.4.23-29.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.6.1.aarch64"
},
"product_reference": "apache2-worker-2.4.23-29.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.6.1.ppc64le"
},
"product_reference": "apache2-worker-2.4.23-29.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.6.1.s390x"
},
"product_reference": "apache2-worker-2.4.23-29.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.6.1.x86_64"
},
"product_reference": "apache2-worker-2.4.23-29.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-9798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9798"
}
],
"notes": [
{
"category": "general",
"text": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user\u0027s .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:apache2-doc-2.4.23-29.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-doc-2.4.23-29.6.1.noarch",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-example-pages-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-prefork-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-utils-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-worker-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9798",
"url": "https://www.suse.com/security/cve/CVE-2017-9798"
},
{
"category": "external",
"summary": "SUSE Bug 1058058 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1058058"
},
{
"category": "external",
"summary": "SUSE Bug 1060757 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1060757"
},
{
"category": "external",
"summary": "SUSE Bug 1077582 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1077582"
},
{
"category": "external",
"summary": "SUSE Bug 1078450 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1078450"
},
{
"category": "external",
"summary": "SUSE Bug 1089997 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1089997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:apache2-doc-2.4.23-29.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-doc-2.4.23-29.6.1.noarch",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-example-pages-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-prefork-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-utils-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-worker-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:apache2-doc-2.4.23-29.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-doc-2.4.23-29.6.1.noarch",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-example-pages-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-prefork-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-utils-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-worker-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-29.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-21T13:32:22Z",
"details": "moderate"
}
],
"title": "CVE-2017-9798"
}
]
}
suse-su-2017:2718-1
Vulnerability from csaf_suse
Published
2017-10-12 14:32
Modified
2017-10-12 14:32
Summary
Security update for apache2
Notes
Title of the patch
Security update for apache2
Description of the patch
This update for apache2 fixes one issues.
This security issue was fixed:
- CVE-2017-9798: Prevent use-after-free use of memory that allowed for an
information leak via OPTIONS (bsc#1058058)
Patchnames
SUSE-OpenStack-Cloud-6-2017-1682,SUSE-SLE-SAP-12-SP1-2017-1682,SUSE-SLE-SERVER-12-SP1-2017-1682
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache2 fixes one issues.\n\nThis security issue was fixed:\n\n- CVE-2017-9798: Prevent use-after-free use of memory that allowed for an\n information leak via OPTIONS (bsc#1058058)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-OpenStack-Cloud-6-2017-1682,SUSE-SLE-SAP-12-SP1-2017-1682,SUSE-SLE-SERVER-12-SP1-2017-1682",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2718-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:2718-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172718-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:2718-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-October/003295.html"
},
{
"category": "self",
"summary": "SUSE Bug 1058058",
"url": "https://bugzilla.suse.com/1058058"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9798 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9798/"
}
],
"title": "Security update for apache2",
"tracking": {
"current_release_date": "2017-10-12T14:32:45Z",
"generator": {
"date": "2017-10-12T14:32:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:2718-1",
"initial_release_date": "2017-10-12T14:32:45Z",
"revision_history": [
{
"date": "2017-10-12T14:32:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-doc-2.4.16-20.13.1.noarch",
"product": {
"name": "apache2-doc-2.4.16-20.13.1.noarch",
"product_id": "apache2-doc-2.4.16-20.13.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.16-20.13.1.ppc64le",
"product": {
"name": "apache2-2.4.16-20.13.1.ppc64le",
"product_id": "apache2-2.4.16-20.13.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.16-20.13.1.ppc64le",
"product": {
"name": "apache2-example-pages-2.4.16-20.13.1.ppc64le",
"product_id": "apache2-example-pages-2.4.16-20.13.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.16-20.13.1.ppc64le",
"product": {
"name": "apache2-prefork-2.4.16-20.13.1.ppc64le",
"product_id": "apache2-prefork-2.4.16-20.13.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.16-20.13.1.ppc64le",
"product": {
"name": "apache2-utils-2.4.16-20.13.1.ppc64le",
"product_id": "apache2-utils-2.4.16-20.13.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.16-20.13.1.ppc64le",
"product": {
"name": "apache2-worker-2.4.16-20.13.1.ppc64le",
"product_id": "apache2-worker-2.4.16-20.13.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.16-20.13.1.s390x",
"product": {
"name": "apache2-2.4.16-20.13.1.s390x",
"product_id": "apache2-2.4.16-20.13.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.16-20.13.1.s390x",
"product": {
"name": "apache2-example-pages-2.4.16-20.13.1.s390x",
"product_id": "apache2-example-pages-2.4.16-20.13.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.16-20.13.1.s390x",
"product": {
"name": "apache2-prefork-2.4.16-20.13.1.s390x",
"product_id": "apache2-prefork-2.4.16-20.13.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.16-20.13.1.s390x",
"product": {
"name": "apache2-utils-2.4.16-20.13.1.s390x",
"product_id": "apache2-utils-2.4.16-20.13.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.16-20.13.1.s390x",
"product": {
"name": "apache2-worker-2.4.16-20.13.1.s390x",
"product_id": "apache2-worker-2.4.16-20.13.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.16-20.13.1.x86_64",
"product": {
"name": "apache2-2.4.16-20.13.1.x86_64",
"product_id": "apache2-2.4.16-20.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.16-20.13.1.x86_64",
"product": {
"name": "apache2-example-pages-2.4.16-20.13.1.x86_64",
"product_id": "apache2-example-pages-2.4.16-20.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.16-20.13.1.x86_64",
"product": {
"name": "apache2-prefork-2.4.16-20.13.1.x86_64",
"product_id": "apache2-prefork-2.4.16-20.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.16-20.13.1.x86_64",
"product": {
"name": "apache2-utils-2.4.16-20.13.1.x86_64",
"product_id": "apache2-utils-2.4.16-20.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.16-20.13.1.x86_64",
"product": {
"name": "apache2-worker-2.4.16-20.13.1.x86_64",
"product_id": "apache2-worker-2.4.16-20.13.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 6",
"product": {
"name": "SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.16-20.13.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:apache2-2.4.16-20.13.1.x86_64"
},
"product_reference": "apache2-2.4.16-20.13.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.16-20.13.1.noarch as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.13.1.noarch"
},
"product_reference": "apache2-doc-2.4.16-20.13.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.16-20.13.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.13.1.x86_64"
},
"product_reference": "apache2-example-pages-2.4.16-20.13.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.16-20.13.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.13.1.x86_64"
},
"product_reference": "apache2-prefork-2.4.16-20.13.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.16-20.13.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.13.1.x86_64"
},
"product_reference": "apache2-utils-2.4.16-20.13.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.16-20.13.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.13.1.x86_64"
},
"product_reference": "apache2-worker-2.4.16-20.13.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.16-20.13.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.13.1.ppc64le"
},
"product_reference": "apache2-2.4.16-20.13.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.16-20.13.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.13.1.x86_64"
},
"product_reference": "apache2-2.4.16-20.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.16-20.13.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.13.1.noarch"
},
"product_reference": "apache2-doc-2.4.16-20.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.16-20.13.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.13.1.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.16-20.13.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.16-20.13.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.13.1.x86_64"
},
"product_reference": "apache2-example-pages-2.4.16-20.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.16-20.13.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.13.1.ppc64le"
},
"product_reference": "apache2-prefork-2.4.16-20.13.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.16-20.13.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.13.1.x86_64"
},
"product_reference": "apache2-prefork-2.4.16-20.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.16-20.13.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.13.1.ppc64le"
},
"product_reference": "apache2-utils-2.4.16-20.13.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.16-20.13.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.13.1.x86_64"
},
"product_reference": "apache2-utils-2.4.16-20.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.16-20.13.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.13.1.ppc64le"
},
"product_reference": "apache2-worker-2.4.16-20.13.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.16-20.13.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.13.1.x86_64"
},
"product_reference": "apache2-worker-2.4.16-20.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.16-20.13.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.13.1.ppc64le"
},
"product_reference": "apache2-2.4.16-20.13.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.16-20.13.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.13.1.s390x"
},
"product_reference": "apache2-2.4.16-20.13.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.16-20.13.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.13.1.x86_64"
},
"product_reference": "apache2-2.4.16-20.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.16-20.13.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.13.1.noarch"
},
"product_reference": "apache2-doc-2.4.16-20.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.16-20.13.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.13.1.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.16-20.13.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.16-20.13.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.13.1.s390x"
},
"product_reference": "apache2-example-pages-2.4.16-20.13.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.16-20.13.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.13.1.x86_64"
},
"product_reference": "apache2-example-pages-2.4.16-20.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.16-20.13.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.13.1.ppc64le"
},
"product_reference": "apache2-prefork-2.4.16-20.13.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.16-20.13.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.13.1.s390x"
},
"product_reference": "apache2-prefork-2.4.16-20.13.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.16-20.13.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.13.1.x86_64"
},
"product_reference": "apache2-prefork-2.4.16-20.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.16-20.13.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.13.1.ppc64le"
},
"product_reference": "apache2-utils-2.4.16-20.13.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.16-20.13.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.13.1.s390x"
},
"product_reference": "apache2-utils-2.4.16-20.13.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.16-20.13.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.13.1.x86_64"
},
"product_reference": "apache2-utils-2.4.16-20.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.16-20.13.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.13.1.ppc64le"
},
"product_reference": "apache2-worker-2.4.16-20.13.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.16-20.13.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.13.1.s390x"
},
"product_reference": "apache2-worker-2.4.16-20.13.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.16-20.13.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.13.1.x86_64"
},
"product_reference": "apache2-worker-2.4.16-20.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-9798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9798"
}
],
"notes": [
{
"category": "general",
"text": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user\u0027s .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.13.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.13.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.13.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.13.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.13.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.13.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.13.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-2.4.16-20.13.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.13.1.noarch",
"SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.13.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.13.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.13.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9798",
"url": "https://www.suse.com/security/cve/CVE-2017-9798"
},
{
"category": "external",
"summary": "SUSE Bug 1058058 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1058058"
},
{
"category": "external",
"summary": "SUSE Bug 1060757 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1060757"
},
{
"category": "external",
"summary": "SUSE Bug 1077582 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1077582"
},
{
"category": "external",
"summary": "SUSE Bug 1078450 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1078450"
},
{
"category": "external",
"summary": "SUSE Bug 1089997 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1089997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.13.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.13.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.13.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.13.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.13.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.13.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.13.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-2.4.16-20.13.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.13.1.noarch",
"SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.13.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.13.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.13.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.13.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.13.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.13.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.13.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.13.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.13.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.13.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.13.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-2.4.16-20.13.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.13.1.noarch",
"SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.13.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.13.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.13.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-10-12T14:32:45Z",
"details": "moderate"
}
],
"title": "CVE-2017-9798"
}
]
}
suse-su-2017:2756-1
Vulnerability from csaf_suse
Published
2017-10-18 11:46
Modified
2017-10-18 11:46
Summary
Security update for apache2
Notes
Title of the patch
Security update for apache2
Description of the patch
This update for apache2 fixes several issues.
These security issues were fixed:
- CVE-2017-9798: Prevent use-after-free use of memory that allowed for an
information leak via OPTIONS (bsc#1058058)
- CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest could have
lead to leakage of potentially confidential information, and a segfault in
other cases resulting in DoS (bsc#1048576).
- CVE-2017-7679: mod_mime could have read one byte past the end of a buffer
when sending a malicious Content-Type response header (bsc#1045060).
- CVE-2017-3169: mod_ssl may dereferenced a NULL pointer when third-party
modules call ap_hook_process_connection() during an HTTP request to an HTTPS
port allowing for DoS (bsc#1045062).
- CVE-2017-3167: Use of the ap_get_basic_auth_pw() by third-party modules
outside of the authentication phase may have lead to authentication
requirements being bypassed (bsc#1045065).
These non-security issues were fixed:
- remove /usr/bin/http2 symlink only during apache2 package
uninstall, not upgrade (bsc#1041830)
- gensslcert: use hostname when fqdn is too long (bsc#1035829)
- add NotifyAccess=all to service file (bsc#980663)
Patchnames
SUSE-SLE-SERVER-12-2017-1709
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache2 fixes several issues.\n\nThese security issues were fixed:\n \n- CVE-2017-9798: Prevent use-after-free use of memory that allowed for an\n information leak via OPTIONS (bsc#1058058)\n- CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest could have\n lead to leakage of potentially confidential information, and a segfault in\n other cases resulting in DoS (bsc#1048576).\n- CVE-2017-7679: mod_mime could have read one byte past the end of a buffer\n when sending a malicious Content-Type response header (bsc#1045060).\n- CVE-2017-3169: mod_ssl may dereferenced a NULL pointer when third-party\n modules call ap_hook_process_connection() during an HTTP request to an HTTPS\n port allowing for DoS (bsc#1045062).\n- CVE-2017-3167: Use of the ap_get_basic_auth_pw() by third-party modules\n outside of the authentication phase may have lead to authentication\n requirements being bypassed (bsc#1045065).\n\nThese non-security issues were fixed:\n\n- remove /usr/bin/http2 symlink only during apache2 package \n uninstall, not upgrade (bsc#1041830)\n- gensslcert: use hostname when fqdn is too long (bsc#1035829)\n- add NotifyAccess=all to service file (bsc#980663)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SERVER-12-2017-1709",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2756-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:2756-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172756-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:2756-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-October/003305.html"
},
{
"category": "self",
"summary": "SUSE Bug 1035829",
"url": "https://bugzilla.suse.com/1035829"
},
{
"category": "self",
"summary": "SUSE Bug 1041830",
"url": "https://bugzilla.suse.com/1041830"
},
{
"category": "self",
"summary": "SUSE Bug 1045060",
"url": "https://bugzilla.suse.com/1045060"
},
{
"category": "self",
"summary": "SUSE Bug 1045062",
"url": "https://bugzilla.suse.com/1045062"
},
{
"category": "self",
"summary": "SUSE Bug 1045065",
"url": "https://bugzilla.suse.com/1045065"
},
{
"category": "self",
"summary": "SUSE Bug 1048576",
"url": "https://bugzilla.suse.com/1048576"
},
{
"category": "self",
"summary": "SUSE Bug 1058058",
"url": "https://bugzilla.suse.com/1058058"
},
{
"category": "self",
"summary": "SUSE Bug 980663",
"url": "https://bugzilla.suse.com/980663"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-3167 page",
"url": "https://www.suse.com/security/cve/CVE-2017-3167/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-3169 page",
"url": "https://www.suse.com/security/cve/CVE-2017-3169/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7679 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7679/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9788 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9788/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9798 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9798/"
}
],
"title": "Security update for apache2",
"tracking": {
"current_release_date": "2017-10-18T11:46:36Z",
"generator": {
"date": "2017-10-18T11:46:36Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:2756-1",
"initial_release_date": "2017-10-18T11:46:36Z",
"revision_history": [
{
"date": "2017-10-18T11:46:36Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-doc-2.4.10-14.28.1.noarch",
"product": {
"name": "apache2-doc-2.4.10-14.28.1.noarch",
"product_id": "apache2-doc-2.4.10-14.28.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.10-14.28.1.ppc64le",
"product": {
"name": "apache2-2.4.10-14.28.1.ppc64le",
"product_id": "apache2-2.4.10-14.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.10-14.28.1.ppc64le",
"product": {
"name": "apache2-example-pages-2.4.10-14.28.1.ppc64le",
"product_id": "apache2-example-pages-2.4.10-14.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.10-14.28.1.ppc64le",
"product": {
"name": "apache2-prefork-2.4.10-14.28.1.ppc64le",
"product_id": "apache2-prefork-2.4.10-14.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.10-14.28.1.ppc64le",
"product": {
"name": "apache2-utils-2.4.10-14.28.1.ppc64le",
"product_id": "apache2-utils-2.4.10-14.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.10-14.28.1.ppc64le",
"product": {
"name": "apache2-worker-2.4.10-14.28.1.ppc64le",
"product_id": "apache2-worker-2.4.10-14.28.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.10-14.28.1.s390x",
"product": {
"name": "apache2-2.4.10-14.28.1.s390x",
"product_id": "apache2-2.4.10-14.28.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.10-14.28.1.s390x",
"product": {
"name": "apache2-example-pages-2.4.10-14.28.1.s390x",
"product_id": "apache2-example-pages-2.4.10-14.28.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.10-14.28.1.s390x",
"product": {
"name": "apache2-prefork-2.4.10-14.28.1.s390x",
"product_id": "apache2-prefork-2.4.10-14.28.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.10-14.28.1.s390x",
"product": {
"name": "apache2-utils-2.4.10-14.28.1.s390x",
"product_id": "apache2-utils-2.4.10-14.28.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.10-14.28.1.s390x",
"product": {
"name": "apache2-worker-2.4.10-14.28.1.s390x",
"product_id": "apache2-worker-2.4.10-14.28.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.10-14.28.1.x86_64",
"product": {
"name": "apache2-2.4.10-14.28.1.x86_64",
"product_id": "apache2-2.4.10-14.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.10-14.28.1.x86_64",
"product": {
"name": "apache2-example-pages-2.4.10-14.28.1.x86_64",
"product_id": "apache2-example-pages-2.4.10-14.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.10-14.28.1.x86_64",
"product": {
"name": "apache2-prefork-2.4.10-14.28.1.x86_64",
"product_id": "apache2-prefork-2.4.10-14.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.10-14.28.1.x86_64",
"product": {
"name": "apache2-utils-2.4.10-14.28.1.x86_64",
"product_id": "apache2-utils-2.4.10-14.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.10-14.28.1.x86_64",
"product": {
"name": "apache2-worker-2.4.10-14.28.1.x86_64",
"product_id": "apache2-worker-2.4.10-14.28.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.10-14.28.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le"
},
"product_reference": "apache2-2.4.10-14.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.10-14.28.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x"
},
"product_reference": "apache2-2.4.10-14.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.10-14.28.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64"
},
"product_reference": "apache2-2.4.10-14.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.10-14.28.1.noarch as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch"
},
"product_reference": "apache2-doc-2.4.10-14.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.10-14.28.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.10-14.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.10-14.28.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x"
},
"product_reference": "apache2-example-pages-2.4.10-14.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.10-14.28.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64"
},
"product_reference": "apache2-example-pages-2.4.10-14.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.10-14.28.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le"
},
"product_reference": "apache2-prefork-2.4.10-14.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.10-14.28.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x"
},
"product_reference": "apache2-prefork-2.4.10-14.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.10-14.28.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64"
},
"product_reference": "apache2-prefork-2.4.10-14.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.10-14.28.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le"
},
"product_reference": "apache2-utils-2.4.10-14.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.10-14.28.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x"
},
"product_reference": "apache2-utils-2.4.10-14.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.10-14.28.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64"
},
"product_reference": "apache2-utils-2.4.10-14.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.10-14.28.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le"
},
"product_reference": "apache2-worker-2.4.10-14.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.10-14.28.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x"
},
"product_reference": "apache2-worker-2.4.10-14.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.10-14.28.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64"
},
"product_reference": "apache2-worker-2.4.10-14.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-3167",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-3167"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-3167",
"url": "https://www.suse.com/security/cve/CVE-2017-3167"
},
{
"category": "external",
"summary": "SUSE Bug 1045065 for CVE-2017-3167",
"url": "https://bugzilla.suse.com/1045065"
},
{
"category": "external",
"summary": "SUSE Bug 1078450 for CVE-2017-3167",
"url": "https://bugzilla.suse.com/1078450"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-10-18T11:46:36Z",
"details": "important"
}
],
"title": "CVE-2017-3167"
},
{
"cve": "CVE-2017-3169",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-3169"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-3169",
"url": "https://www.suse.com/security/cve/CVE-2017-3169"
},
{
"category": "external",
"summary": "SUSE Bug 1045062 for CVE-2017-3169",
"url": "https://bugzilla.suse.com/1045062"
},
{
"category": "external",
"summary": "SUSE Bug 1078450 for CVE-2017-3169",
"url": "https://bugzilla.suse.com/1078450"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-10-18T11:46:36Z",
"details": "moderate"
}
],
"title": "CVE-2017-3169"
},
{
"cve": "CVE-2017-7679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7679"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7679",
"url": "https://www.suse.com/security/cve/CVE-2017-7679"
},
{
"category": "external",
"summary": "SUSE Bug 1045060 for CVE-2017-7679",
"url": "https://bugzilla.suse.com/1045060"
},
{
"category": "external",
"summary": "SUSE Bug 1057861 for CVE-2017-7679",
"url": "https://bugzilla.suse.com/1057861"
},
{
"category": "external",
"summary": "SUSE Bug 1078450 for CVE-2017-7679",
"url": "https://bugzilla.suse.com/1078450"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-10-18T11:46:36Z",
"details": "moderate"
}
],
"title": "CVE-2017-7679"
},
{
"cve": "CVE-2017-9788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9788"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type \u0027Digest\u0027 was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no \u0027=\u0027 assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9788",
"url": "https://www.suse.com/security/cve/CVE-2017-9788"
},
{
"category": "external",
"summary": "SUSE Bug 1048576 for CVE-2017-9788",
"url": "https://bugzilla.suse.com/1048576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-10-18T11:46:36Z",
"details": "moderate"
}
],
"title": "CVE-2017-9788"
},
{
"cve": "CVE-2017-9798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9798"
}
],
"notes": [
{
"category": "general",
"text": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user\u0027s .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9798",
"url": "https://www.suse.com/security/cve/CVE-2017-9798"
},
{
"category": "external",
"summary": "SUSE Bug 1058058 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1058058"
},
{
"category": "external",
"summary": "SUSE Bug 1060757 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1060757"
},
{
"category": "external",
"summary": "SUSE Bug 1077582 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1077582"
},
{
"category": "external",
"summary": "SUSE Bug 1078450 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1078450"
},
{
"category": "external",
"summary": "SUSE Bug 1089997 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1089997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.28.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.28.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-10-18T11:46:36Z",
"details": "moderate"
}
],
"title": "CVE-2017-9798"
}
]
}
ghsa-jxf6-fx3m-8x2r
Vulnerability from github
Published
2022-05-13 01:09
Modified
2025-04-20 03:45
Severity ?
VLAI Severity ?
Details
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.
{
"affected": [],
"aliases": [
"CVE-2017-9798"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-18T15:29:00Z",
"severity": "HIGH"
},
"details": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user\u0027s .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.",
"id": "GHSA-jxf6-fx3m-8x2r",
"modified": "2025-04-20T03:45:26Z",
"published": "2022-05-13T01:09:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798"
},
{
"type": "WEB",
"url": "https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2017-9798"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201710-32"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20180601-0003"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT208331"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us"
},
{
"type": "WEB",
"url": "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223\u0026r2=1807754\u0026pathrev=1807754\u0026view=patch"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/42745"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2019-09"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2882"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2972"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3018"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3193"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3194"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3195"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3239"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3240"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3475"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3476"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3477"
},
{
"type": "WEB",
"url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
},
{
"type": "WEB",
"url": "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch"
},
{
"type": "WEB",
"url": "https://github.com/hannob/optionsbleed"
},
{
"type": "WEB",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2017/09/18/2"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3980"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100872"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105598"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039387"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
opensuse-su-2024:10623-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
apache2-2.4.49-1.1 on GA media
Notes
Title of the patch
apache2-2.4.49-1.1 on GA media
Description of the patch
These are all security issues fixed in the apache2-2.4.49-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10623
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "apache2-2.4.49-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the apache2-2.4.49-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10623",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10623-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2005-3352 page",
"url": "https://www.suse.com/security/cve/CVE-2005-3352/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2005-3357 page",
"url": "https://www.suse.com/security/cve/CVE-2005-3357/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-3747 page",
"url": "https://www.suse.com/security/cve/CVE-2006-3747/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-5752 page",
"url": "https://www.suse.com/security/cve/CVE-2006-5752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-1862 page",
"url": "https://www.suse.com/security/cve/CVE-2007-1862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-1863 page",
"url": "https://www.suse.com/security/cve/CVE-2007-1863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3304 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3847 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-4465 page",
"url": "https://www.suse.com/security/cve/CVE-2007-4465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-5000 page",
"url": "https://www.suse.com/security/cve/CVE-2007-5000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-6388 page",
"url": "https://www.suse.com/security/cve/CVE-2007-6388/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-6420 page",
"url": "https://www.suse.com/security/cve/CVE-2007-6420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-6421 page",
"url": "https://www.suse.com/security/cve/CVE-2007-6421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-6422 page",
"url": "https://www.suse.com/security/cve/CVE-2007-6422/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0005 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-1678 page",
"url": "https://www.suse.com/security/cve/CVE-2008-1678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-2364 page",
"url": "https://www.suse.com/security/cve/CVE-2008-2364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-2939 page",
"url": "https://www.suse.com/security/cve/CVE-2008-2939/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5387 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5387/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-8740 page",
"url": "https://www.suse.com/security/cve/CVE-2016-8740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9798 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10081 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10081/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10082 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10092 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10092/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10097 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10098 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9517 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9517/"
}
],
"title": "apache2-2.4.49-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10623-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.49-1.1.aarch64",
"product": {
"name": "apache2-2.4.49-1.1.aarch64",
"product_id": "apache2-2.4.49-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.49-1.1.ppc64le",
"product": {
"name": "apache2-2.4.49-1.1.ppc64le",
"product_id": "apache2-2.4.49-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.49-1.1.s390x",
"product": {
"name": "apache2-2.4.49-1.1.s390x",
"product_id": "apache2-2.4.49-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.49-1.1.x86_64",
"product": {
"name": "apache2-2.4.49-1.1.x86_64",
"product_id": "apache2-2.4.49-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.49-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64"
},
"product_reference": "apache2-2.4.49-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.49-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le"
},
"product_reference": "apache2-2.4.49-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.49-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x"
},
"product_reference": "apache2-2.4.49-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.49-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
},
"product_reference": "apache2-2.4.49-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2005-3352",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2005-3352"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2005-3352",
"url": "https://www.suse.com/security/cve/CVE-2005-3352"
},
{
"category": "external",
"summary": "SUSE Bug 138083 for CVE-2005-3352",
"url": "https://bugzilla.suse.com/138083"
},
{
"category": "external",
"summary": "SUSE Bug 142507 for CVE-2005-3352",
"url": "https://bugzilla.suse.com/142507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2005-3352"
},
{
"cve": "CVE-2005-3357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2005-3357"
}
],
"notes": [
{
"category": "general",
"text": "mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2005-3357",
"url": "https://www.suse.com/security/cve/CVE-2005-3357"
},
{
"category": "external",
"summary": "SUSE Bug 138083 for CVE-2005-3357",
"url": "https://bugzilla.suse.com/138083"
},
{
"category": "external",
"summary": "SUSE Bug 142338 for CVE-2005-3357",
"url": "https://bugzilla.suse.com/142338"
},
{
"category": "external",
"summary": "SUSE Bug 186167 for CVE-2005-3357",
"url": "https://bugzilla.suse.com/186167"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2005-3357"
},
{
"cve": "CVE-2006-3747",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-3747"
}
],
"notes": [
{
"category": "general",
"text": "Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-3747",
"url": "https://www.suse.com/security/cve/CVE-2006-3747"
},
{
"category": "external",
"summary": "SUSE Bug 194675 for CVE-2006-3747",
"url": "https://bugzilla.suse.com/194675"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2006-3747"
},
{
"cve": "CVE-2006-5752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-5752"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-5752",
"url": "https://www.suse.com/security/cve/CVE-2006-5752"
},
{
"category": "external",
"summary": "SUSE Bug 289996 for CVE-2006-5752",
"url": "https://bugzilla.suse.com/289996"
},
{
"category": "external",
"summary": "SUSE Bug 308637 for CVE-2006-5752",
"url": "https://bugzilla.suse.com/308637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2006-5752"
},
{
"cve": "CVE-2007-1862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-1862"
}
],
"notes": [
{
"category": "general",
"text": "The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-1862",
"url": "https://www.suse.com/security/cve/CVE-2007-1862"
},
{
"category": "external",
"summary": "SUSE Bug 280414 for CVE-2007-1862",
"url": "https://bugzilla.suse.com/280414"
},
{
"category": "external",
"summary": "SUSE Bug 308637 for CVE-2007-1862",
"url": "https://bugzilla.suse.com/308637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-1862"
},
{
"cve": "CVE-2007-1863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-1863"
}
],
"notes": [
{
"category": "general",
"text": "cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-1863",
"url": "https://www.suse.com/security/cve/CVE-2007-1863"
},
{
"category": "external",
"summary": "SUSE Bug 289997 for CVE-2007-1863",
"url": "https://bugzilla.suse.com/289997"
},
{
"category": "external",
"summary": "SUSE Bug 308637 for CVE-2007-1863",
"url": "https://bugzilla.suse.com/308637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-1863"
},
{
"cve": "CVE-2007-3304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3304"
}
],
"notes": [
{
"category": "general",
"text": "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3304",
"url": "https://www.suse.com/security/cve/CVE-2007-3304"
},
{
"category": "external",
"summary": "SUSE Bug 286685 for CVE-2007-3304",
"url": "https://bugzilla.suse.com/286685"
},
{
"category": "external",
"summary": "SUSE Bug 308637 for CVE-2007-3304",
"url": "https://bugzilla.suse.com/308637"
},
{
"category": "external",
"summary": "SUSE Bug 422464 for CVE-2007-3304",
"url": "https://bugzilla.suse.com/422464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-3304"
},
{
"cve": "CVE-2007-3847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3847"
}
],
"notes": [
{
"category": "general",
"text": "The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3847",
"url": "https://www.suse.com/security/cve/CVE-2007-3847"
},
{
"category": "external",
"summary": "SUSE Bug 308637 for CVE-2007-3847",
"url": "https://bugzilla.suse.com/308637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-3847"
},
{
"cve": "CVE-2007-4465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-4465"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-4465",
"url": "https://www.suse.com/security/cve/CVE-2007-4465"
},
{
"category": "external",
"summary": "SUSE Bug 308637 for CVE-2007-4465",
"url": "https://bugzilla.suse.com/308637"
},
{
"category": "external",
"summary": "SUSE Bug 310161 for CVE-2007-4465",
"url": "https://bugzilla.suse.com/310161"
},
{
"category": "external",
"summary": "SUSE Bug 325655 for CVE-2007-4465",
"url": "https://bugzilla.suse.com/325655"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-4465"
},
{
"cve": "CVE-2007-5000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-5000"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-5000",
"url": "https://www.suse.com/security/cve/CVE-2007-5000"
},
{
"category": "external",
"summary": "SUSE Bug 353859 for CVE-2007-5000",
"url": "https://bugzilla.suse.com/353859"
},
{
"category": "external",
"summary": "SUSE Bug 355888 for CVE-2007-5000",
"url": "https://bugzilla.suse.com/355888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-5000"
},
{
"cve": "CVE-2007-6388",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-6388"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-6388",
"url": "https://www.suse.com/security/cve/CVE-2007-6388"
},
{
"category": "external",
"summary": "SUSE Bug 352235 for CVE-2007-6388",
"url": "https://bugzilla.suse.com/352235"
},
{
"category": "external",
"summary": "SUSE Bug 355888 for CVE-2007-6388",
"url": "https://bugzilla.suse.com/355888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-6388"
},
{
"cve": "CVE-2007-6420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-6420"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-6420",
"url": "https://www.suse.com/security/cve/CVE-2007-6420"
},
{
"category": "external",
"summary": "SUSE Bug 353261 for CVE-2007-6420",
"url": "https://bugzilla.suse.com/353261"
},
{
"category": "external",
"summary": "SUSE Bug 373903 for CVE-2007-6420",
"url": "https://bugzilla.suse.com/373903"
},
{
"category": "external",
"summary": "SUSE Bug 422464 for CVE-2007-6420",
"url": "https://bugzilla.suse.com/422464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-6420"
},
{
"cve": "CVE-2007-6421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-6421"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-6421",
"url": "https://www.suse.com/security/cve/CVE-2007-6421"
},
{
"category": "external",
"summary": "SUSE Bug 353261 for CVE-2007-6421",
"url": "https://bugzilla.suse.com/353261"
},
{
"category": "external",
"summary": "SUSE Bug 355888 for CVE-2007-6421",
"url": "https://bugzilla.suse.com/355888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2007-6421"
},
{
"cve": "CVE-2007-6422",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-6422"
}
],
"notes": [
{
"category": "general",
"text": "The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-6422",
"url": "https://www.suse.com/security/cve/CVE-2007-6422"
},
{
"category": "external",
"summary": "SUSE Bug 353261 for CVE-2007-6422",
"url": "https://bugzilla.suse.com/353261"
},
{
"category": "external",
"summary": "SUSE Bug 355888 for CVE-2007-6422",
"url": "https://bugzilla.suse.com/355888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2007-6422"
},
{
"cve": "CVE-2008-0005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0005"
}
],
"notes": [
{
"category": "general",
"text": "mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0005",
"url": "https://www.suse.com/security/cve/CVE-2008-0005"
},
{
"category": "external",
"summary": "SUSE Bug 353262 for CVE-2008-0005",
"url": "https://bugzilla.suse.com/353262"
},
{
"category": "external",
"summary": "SUSE Bug 355888 for CVE-2008-0005",
"url": "https://bugzilla.suse.com/355888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-0005"
},
{
"cve": "CVE-2008-1678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-1678"
}
],
"notes": [
{
"category": "general",
"text": "Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-1678",
"url": "https://www.suse.com/security/cve/CVE-2008-1678"
},
{
"category": "external",
"summary": "SUSE Bug 392096 for CVE-2008-1678",
"url": "https://bugzilla.suse.com/392096"
},
{
"category": "external",
"summary": "SUSE Bug 422464 for CVE-2008-1678",
"url": "https://bugzilla.suse.com/422464"
},
{
"category": "external",
"summary": "SUSE Bug 566238 for CVE-2008-1678",
"url": "https://bugzilla.suse.com/566238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-1678"
},
{
"cve": "CVE-2008-2364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-2364"
}
],
"notes": [
{
"category": "general",
"text": "The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-2364",
"url": "https://www.suse.com/security/cve/CVE-2008-2364"
},
{
"category": "external",
"summary": "SUSE Bug 408832 for CVE-2008-2364",
"url": "https://bugzilla.suse.com/408832"
},
{
"category": "external",
"summary": "SUSE Bug 422464 for CVE-2008-2364",
"url": "https://bugzilla.suse.com/422464"
},
{
"category": "external",
"summary": "SUSE Bug 443824 for CVE-2008-2364",
"url": "https://bugzilla.suse.com/443824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-2364"
},
{
"cve": "CVE-2008-2939",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-2939"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-2939",
"url": "https://www.suse.com/security/cve/CVE-2008-2939"
},
{
"category": "external",
"summary": "SUSE Bug 210904 for CVE-2008-2939",
"url": "https://bugzilla.suse.com/210904"
},
{
"category": "external",
"summary": "SUSE Bug 415061 for CVE-2008-2939",
"url": "https://bugzilla.suse.com/415061"
},
{
"category": "external",
"summary": "SUSE Bug 422464 for CVE-2008-2939",
"url": "https://bugzilla.suse.com/422464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-2939"
},
{
"cve": "CVE-2016-5387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5387"
}
],
"notes": [
{
"category": "general",
"text": "The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. NOTE: the vendor states \"This mitigation has been assigned the identifier CVE-2016-5387\"; in other words, this is not a CVE ID for a vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5387",
"url": "https://www.suse.com/security/cve/CVE-2016-5387"
},
{
"category": "external",
"summary": "SUSE Bug 988484 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988484"
},
{
"category": "external",
"summary": "SUSE Bug 988486 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988486"
},
{
"category": "external",
"summary": "SUSE Bug 988487 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988487"
},
{
"category": "external",
"summary": "SUSE Bug 988488 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988488"
},
{
"category": "external",
"summary": "SUSE Bug 988489 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988489"
},
{
"category": "external",
"summary": "SUSE Bug 988491 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988491"
},
{
"category": "external",
"summary": "SUSE Bug 988492 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988492"
},
{
"category": "external",
"summary": "SUSE Bug 989125 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/989125"
},
{
"category": "external",
"summary": "SUSE Bug 989174 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/989174"
},
{
"category": "external",
"summary": "SUSE Bug 989684 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/989684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-5387"
},
{
"cve": "CVE-2016-8740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-8740"
}
],
"notes": [
{
"category": "general",
"text": "The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-8740",
"url": "https://www.suse.com/security/cve/CVE-2016-8740"
},
{
"category": "external",
"summary": "SUSE Bug 1013648 for CVE-2016-8740",
"url": "https://bugzilla.suse.com/1013648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-8740"
},
{
"cve": "CVE-2017-9798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9798"
}
],
"notes": [
{
"category": "general",
"text": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user\u0027s .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9798",
"url": "https://www.suse.com/security/cve/CVE-2017-9798"
},
{
"category": "external",
"summary": "SUSE Bug 1058058 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1058058"
},
{
"category": "external",
"summary": "SUSE Bug 1060757 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1060757"
},
{
"category": "external",
"summary": "SUSE Bug 1077582 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1077582"
},
{
"category": "external",
"summary": "SUSE Bug 1078450 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1078450"
},
{
"category": "external",
"summary": "SUSE Bug 1089997 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1089997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-9798"
},
{
"cve": "CVE-2019-10081",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10081"
}
],
"notes": [
{
"category": "general",
"text": "HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with \"H2PushResource\", could lead to an overwrite of memory in the pushing request\u0027s pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10081",
"url": "https://www.suse.com/security/cve/CVE-2019-10081"
},
{
"category": "external",
"summary": "SUSE Bug 1145742 for CVE-2019-10081",
"url": "https://bugzilla.suse.com/1145742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-10081"
},
{
"cve": "CVE-2019-10082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10082"
}
],
"notes": [
{
"category": "general",
"text": "In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10082",
"url": "https://www.suse.com/security/cve/CVE-2019-10082"
},
{
"category": "external",
"summary": "SUSE Bug 1145741 for CVE-2019-10082",
"url": "https://bugzilla.suse.com/1145741"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-10082"
},
{
"cve": "CVE-2019-10092",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10092"
}
],
"notes": [
{
"category": "general",
"text": "In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10092",
"url": "https://www.suse.com/security/cve/CVE-2019-10092"
},
{
"category": "external",
"summary": "SUSE Bug 1145740 for CVE-2019-10092",
"url": "https://bugzilla.suse.com/1145740"
},
{
"category": "external",
"summary": "SUSE Bug 1182703 for CVE-2019-10092",
"url": "https://bugzilla.suse.com/1182703"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-10092"
},
{
"cve": "CVE-2019-10097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10097"
}
],
"notes": [
{
"category": "general",
"text": "In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the \"PROXY\" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10097",
"url": "https://www.suse.com/security/cve/CVE-2019-10097"
},
{
"category": "external",
"summary": "SUSE Bug 1145739 for CVE-2019-10097",
"url": "https://bugzilla.suse.com/1145739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-10097"
},
{
"cve": "CVE-2019-10098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10098"
}
],
"notes": [
{
"category": "general",
"text": "In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10098",
"url": "https://www.suse.com/security/cve/CVE-2019-10098"
},
{
"category": "external",
"summary": "SUSE Bug 1145738 for CVE-2019-10098",
"url": "https://bugzilla.suse.com/1145738"
},
{
"category": "external",
"summary": "SUSE Bug 1168407 for CVE-2019-10098",
"url": "https://bugzilla.suse.com/1168407"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-10098"
},
{
"cve": "CVE-2019-9517",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9517"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9517",
"url": "https://www.suse.com/security/cve/CVE-2019-9517"
},
{
"category": "external",
"summary": "SUSE Bug 1145575 for CVE-2019-9517",
"url": "https://bugzilla.suse.com/1145575"
},
{
"category": "external",
"summary": "SUSE Bug 1146097 for CVE-2019-9517",
"url": "https://bugzilla.suse.com/1146097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-9517"
}
]
}
fkie_cve-2017-9798
Vulnerability from fkie_nvd
Published
2017-09-18 15:29
Modified
2025-04-20 01:37
Severity ?
Summary
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://openwall.com/lists/oss-security/2017/09/18/2 | Mailing List, VDB Entry | |
| security@apache.org | http://www.debian.org/security/2017/dsa-3980 | Third Party Advisory | |
| security@apache.org | http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | Patch, Third Party Advisory | |
| security@apache.org | http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | Patch, Third Party Advisory | |
| security@apache.org | http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | Patch, Third Party Advisory | |
| security@apache.org | http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | Patch, Third Party Advisory | |
| security@apache.org | http://www.securityfocus.com/bid/100872 | Third Party Advisory, VDB Entry | |
| security@apache.org | http://www.securityfocus.com/bid/105598 | Third Party Advisory, VDB Entry | |
| security@apache.org | http://www.securitytracker.com/id/1039387 | Third Party Advisory, VDB Entry | |
| security@apache.org | https://access.redhat.com/errata/RHSA-2017:2882 | Third Party Advisory | |
| security@apache.org | https://access.redhat.com/errata/RHSA-2017:2972 | Third Party Advisory | |
| security@apache.org | https://access.redhat.com/errata/RHSA-2017:3018 | Third Party Advisory | |
| security@apache.org | https://access.redhat.com/errata/RHSA-2017:3113 | Third Party Advisory | |
| security@apache.org | https://access.redhat.com/errata/RHSA-2017:3114 | Third Party Advisory | |
| security@apache.org | https://access.redhat.com/errata/RHSA-2017:3193 | Third Party Advisory | |
| security@apache.org | https://access.redhat.com/errata/RHSA-2017:3194 | Third Party Advisory | |
| security@apache.org | https://access.redhat.com/errata/RHSA-2017:3195 | Third Party Advisory | |
| security@apache.org | https://access.redhat.com/errata/RHSA-2017:3239 | Third Party Advisory | |
| security@apache.org | https://access.redhat.com/errata/RHSA-2017:3240 | Third Party Advisory | |
| security@apache.org | https://access.redhat.com/errata/RHSA-2017:3475 | Third Party Advisory | |
| security@apache.org | https://access.redhat.com/errata/RHSA-2017:3476 | Third Party Advisory | |
| security@apache.org | https://access.redhat.com/errata/RHSA-2017:3477 | Third Party Advisory | |
| security@apache.org | https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html | Exploit, Patch, Technical Description, Third Party Advisory | |
| security@apache.org | https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch | Exploit, Patch, Technical Description, Third Party Advisory | |
| security@apache.org | https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a | Patch, Vendor Advisory | |
| security@apache.org | https://github.com/hannob/optionsbleed | Exploit, Third Party Advisory | |
| security@apache.org | https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798 | Vendor Advisory | |
| security@apache.org | https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://security-tracker.debian.org/tracker/CVE-2017-9798 | Third Party Advisory | |
| security@apache.org | https://security.gentoo.org/glsa/201710-32 | Third Party Advisory | |
| security@apache.org | https://security.netapp.com/advisory/ntap-20180601-0003/ | Third Party Advisory | |
| security@apache.org | https://support.apple.com/HT208331 | Third Party Advisory | |
| security@apache.org | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us | Third Party Advisory | |
| security@apache.org | https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch | Vendor Advisory | |
| security@apache.org | https://www.exploit-db.com/exploits/42745/ | Exploit, Third Party Advisory, VDB Entry | |
| security@apache.org | https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | Patch, Third Party Advisory | |
| security@apache.org | https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | Patch, Third Party Advisory | |
| security@apache.org | https://www.tenable.com/security/tns-2019-09 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/09/18/2 | Mailing List, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3980 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100872 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105598 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039387 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2882 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2972 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:3018 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:3113 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:3114 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:3193 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:3194 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:3195 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:3239 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:3240 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:3475 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:3476 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:3477 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html | Exploit, Patch, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch | Exploit, Patch, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/hannob/optionsbleed | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2017-9798 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201710-32 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20180601-0003/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT208331 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/42745/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/tns-2019-09 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | http_server | * | |
| apache | http_server | 2.4.0 | |
| apache | http_server | 2.4.1 | |
| apache | http_server | 2.4.2 | |
| apache | http_server | 2.4.3 | |
| apache | http_server | 2.4.4 | |
| apache | http_server | 2.4.6 | |
| apache | http_server | 2.4.7 | |
| apache | http_server | 2.4.9 | |
| apache | http_server | 2.4.10 | |
| apache | http_server | 2.4.12 | |
| apache | http_server | 2.4.16 | |
| apache | http_server | 2.4.17 | |
| apache | http_server | 2.4.18 | |
| apache | http_server | 2.4.20 | |
| apache | http_server | 2.4.23 | |
| apache | http_server | 2.4.25 | |
| apache | http_server | 2.4.26 | |
| apache | http_server | 2.4.27 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE75C79F-7F36-41C1-BF03-97416A06D81F",
"versionEndIncluding": "2.2.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC40E89-2D57-4988-913E-024BFB56B367",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FCD3C8C-9BF8-4F30-981A-593EEAEB9EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "046487A3-752B-4D0F-8984-96486B828EAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "89D2E052-51CD-4B57-A8B8-FAE51988D654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA27058-BACF-4F94-8E3C-7D38EC302EC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FEAB0DF-04A9-4F99-8666-0BADC5D642B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E7D924D1-8A36-4C43-9E56-52814F9A6350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "39CDFECC-E26D-47E0-976F-6629040B3764",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E3ECBCB1-0675-41F5-857B-438F36925F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6CBFBF-74F6-42AF-BC79-AA53EA75F00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8717A96B-9DB5-48D6-A2CF-A5E2B26AF3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E1F45B27-504B-4202-87B8-BD3B094003F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "F2FB2B98-DFD2-420A-8A7F-9B288651242F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "B803D25B-0A19-4569-BA05-09D58F33917C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "8510442C-212F-4013-85FA-E0AB59F6F2C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5673AB-53BB-40B2-83A7-8B82B2D0EBB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "FBB3ED63-45CA-44AB-973C-9AD2569AD800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "FF30AD98-9CBA-456E-A827-79FCEDEB30A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user\u0027s .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c."
},
{
"lang": "es",
"value": "Apache httpd permite que atacantes remotos lean datos secretos de la memoria de proceso si la directiva Limit se puede establecer en un archivo .htaccess del usuario o si existen ciertos errores de configuraci\u00f3n en httpd.conf. Esto tambi\u00e9n se conoce como Optionsbleed. Esta vulnerabilidad afecta a Apache HTTP Server hasta la versi\u00f3n 2.2.34 y a las versiones 2.4.x hasta la 2.4.27. El atacante env\u00eda una petici\u00f3n HTTP OPTIONS sin autenticar cuando intenta leer datos secretos. Este es un problema de uso de memoria previamente liberada y, por lo tanto, los datos secretos no siempre se env\u00edan y los datos espec\u00edficos dependen de muchos factores, entre los que se encuentra la configuraci\u00f3n. La explotaci\u00f3n con .htaccess puede bloquearse con un parche en la funci\u00f3n ap_limit_section en server/core.c."
}
],
"id": "CVE-2017-9798",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-18T15:29:00.307",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/09/18/2"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3980"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100872"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105598"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039387"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2882"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2972"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3018"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3193"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3194"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3195"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3239"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3240"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3475"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3476"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3477"
},
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Patch",
"Technical Description",
"Third Party Advisory"
],
"url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
},
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Patch",
"Technical Description",
"Third Party Advisory"
],
"url": "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a"
},
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/hannob/optionsbleed"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2017-9798"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201710-32"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180601-0003/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT208331"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223\u0026r2=1807754\u0026pathrev=1807754\u0026view=patch"
},
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42745/"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2019-09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/09/18/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3980"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039387"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3475"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3476"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Technical Description",
"Third Party Advisory"
],
"url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Technical Description",
"Third Party Advisory"
],
"url": "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/hannob/optionsbleed"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2017-9798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201710-32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180601-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT208331"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223\u0026r2=1807754\u0026pathrev=1807754\u0026view=patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42745/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2019-09"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
wid-sec-w-2023-1594
Vulnerability from csaf_certbund
Published
2023-06-28 22:00
Modified
2023-06-28 22:00
Summary
IBM Tivoli Network Manager: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM Tivoli Network Manager ist eine Netzanalysesoftware für das Management komplexer Netze. Diese Software erfasst und verteilt Layer-2- und Layer-3-Netzdaten.
Angriff
Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM Tivoli Network Manager ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM Tivoli Network Manager ist eine Netzanalysesoftware f\u00fcr das Management komplexer Netze. Diese Software erfasst und verteilt Layer-2- und Layer-3-Netzdaten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM Tivoli Network Manager ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1594 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1594.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1594 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1594"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/885316"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/884276"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/883428"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/883424"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/882926"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/882898"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/882888"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/880403"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/880401"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/880395"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/879855"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/879841"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/870546"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/870526"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/870508"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/870504"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/870500"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/870498"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/743933"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/739297"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/739271"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/739249"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/739247"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/739245"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/739243"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/738231"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/731931"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/730883"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/730871"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/730845"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/730835"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/730171"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/720307"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/720283"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/720265"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/718745"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/717345"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/717335"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/717327"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/717007"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/716573"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/712213"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/712199"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/570557"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/569765"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/569727"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/569717"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/305321"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/304091"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/304089"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/303663"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/303657"
}
],
"source_lang": "en-US",
"title": "IBM Tivoli Network Manager: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-06-28T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:53:31.776+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1594",
"initial_release_date": "2023-06-28T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-06-28T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9 Fix Pack 5",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9 Fix Pack 5",
"product_id": "T028343",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9_fix_pack_5"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9",
"product_id": "T028344",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 4.1.1",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 4.1.1",
"product_id": "T028345",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__4.1.1"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 4.2",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 4.2",
"product_id": "T028346",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__4.2"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9.0.4",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9.0.4",
"product_id": "T028347",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9.0.4"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9.0.5",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9.0.5",
"product_id": "T028348",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9.0.5"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9 Fix Pack 4",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9 Fix Pack 4",
"product_id": "T028349",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9_fix_pack_4"
}
}
}
],
"category": "product_name",
"name": "Tivoli Network Manager"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-4046",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-4046"
},
{
"cve": "CVE-2019-4030",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-4030"
},
{
"cve": "CVE-2019-2684",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2684"
},
{
"cve": "CVE-2019-2602",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2602"
},
{
"cve": "CVE-2019-2537",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2537"
},
{
"cve": "CVE-2019-2534",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2534"
},
{
"cve": "CVE-2019-2531",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2531"
},
{
"cve": "CVE-2019-2529",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2529"
},
{
"cve": "CVE-2019-2503",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2503"
},
{
"cve": "CVE-2019-2482",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2482"
},
{
"cve": "CVE-2019-2481",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2481"
},
{
"cve": "CVE-2019-2455",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2455"
},
{
"cve": "CVE-2019-1559",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-1559"
},
{
"cve": "CVE-2019-0220",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-0220"
},
{
"cve": "CVE-2018-8039",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-8039"
},
{
"cve": "CVE-2018-5407",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-5407"
},
{
"cve": "CVE-2018-3282",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3282"
},
{
"cve": "CVE-2018-3278",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3278"
},
{
"cve": "CVE-2018-3276",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3276"
},
{
"cve": "CVE-2018-3251",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3251"
},
{
"cve": "CVE-2018-3247",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3247"
},
{
"cve": "CVE-2018-3174",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3174"
},
{
"cve": "CVE-2018-3156",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3156"
},
{
"cve": "CVE-2018-3143",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3143"
},
{
"cve": "CVE-2018-3123",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3123"
},
{
"cve": "CVE-2018-3084",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3084"
},
{
"cve": "CVE-2018-3082",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3082"
},
{
"cve": "CVE-2018-3081",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3081"
},
{
"cve": "CVE-2018-3080",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3080"
},
{
"cve": "CVE-2018-3079",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3079"
},
{
"cve": "CVE-2018-3078",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3078"
},
{
"cve": "CVE-2018-3077",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3077"
},
{
"cve": "CVE-2018-3075",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3075"
},
{
"cve": "CVE-2018-3074",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3074"
},
{
"cve": "CVE-2018-3073",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3073"
},
{
"cve": "CVE-2018-3071",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3071"
},
{
"cve": "CVE-2018-3070",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3070"
},
{
"cve": "CVE-2018-3067",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3067"
},
{
"cve": "CVE-2018-3066",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3066"
},
{
"cve": "CVE-2018-3065",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3065"
},
{
"cve": "CVE-2018-3064",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3064"
},
{
"cve": "CVE-2018-3063",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3063"
},
{
"cve": "CVE-2018-3062",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3062"
},
{
"cve": "CVE-2018-3061",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3061"
},
{
"cve": "CVE-2018-3060",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3060"
},
{
"cve": "CVE-2018-3058",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3058"
},
{
"cve": "CVE-2018-3056",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3056"
},
{
"cve": "CVE-2018-3054",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3054"
},
{
"cve": "CVE-2018-2877",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2877"
},
{
"cve": "CVE-2018-2846",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2846"
},
{
"cve": "CVE-2018-2839",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2839"
},
{
"cve": "CVE-2018-2819",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2819"
},
{
"cve": "CVE-2018-2818",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2818"
},
{
"cve": "CVE-2018-2817",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2817"
},
{
"cve": "CVE-2018-2816",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2816"
},
{
"cve": "CVE-2018-2813",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2813"
},
{
"cve": "CVE-2018-2812",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2812"
},
{
"cve": "CVE-2018-2810",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2810"
},
{
"cve": "CVE-2018-2805",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2805"
},
{
"cve": "CVE-2018-2787",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2787"
},
{
"cve": "CVE-2018-2786",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2786"
},
{
"cve": "CVE-2018-2784",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2784"
},
{
"cve": "CVE-2018-2782",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2782"
},
{
"cve": "CVE-2018-2781",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2781"
},
{
"cve": "CVE-2018-2780",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2780"
},
{
"cve": "CVE-2018-2779",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2779"
},
{
"cve": "CVE-2018-2778",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2778"
},
{
"cve": "CVE-2018-2777",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2777"
},
{
"cve": "CVE-2018-2776",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2776"
},
{
"cve": "CVE-2018-2775",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2775"
},
{
"cve": "CVE-2018-2773",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2773"
},
{
"cve": "CVE-2018-2771",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2771"
},
{
"cve": "CVE-2018-2769",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2769"
},
{
"cve": "CVE-2018-2766",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2766"
},
{
"cve": "CVE-2018-2762",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2762"
},
{
"cve": "CVE-2018-2761",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2761"
},
{
"cve": "CVE-2018-2759",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2759"
},
{
"cve": "CVE-2018-2758",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2758"
},
{
"cve": "CVE-2018-2755",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2755"
},
{
"cve": "CVE-2018-2598",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2598"
},
{
"cve": "CVE-2018-1996",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1996"
},
{
"cve": "CVE-2018-1926",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1926"
},
{
"cve": "CVE-2018-1904",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1904"
},
{
"cve": "CVE-2018-1902",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1902"
},
{
"cve": "CVE-2018-1901",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1901"
},
{
"cve": "CVE-2018-1798",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1798"
},
{
"cve": "CVE-2018-1797",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1797"
},
{
"cve": "CVE-2018-1794",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1794"
},
{
"cve": "CVE-2018-1793",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1793"
},
{
"cve": "CVE-2018-1777",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1777"
},
{
"cve": "CVE-2018-1770",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1770"
},
{
"cve": "CVE-2018-1767",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1767"
},
{
"cve": "CVE-2018-1719",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1719"
},
{
"cve": "CVE-2018-1695",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1695"
},
{
"cve": "CVE-2018-1656",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1656"
},
{
"cve": "CVE-2018-1643",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1643"
},
{
"cve": "CVE-2018-1621",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1621"
},
{
"cve": "CVE-2018-1614",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1614"
},
{
"cve": "CVE-2018-1567",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1567"
},
{
"cve": "CVE-2018-1447",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1447"
},
{
"cve": "CVE-2018-1428",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1428"
},
{
"cve": "CVE-2018-1427",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1427"
},
{
"cve": "CVE-2018-1426",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1426"
},
{
"cve": "CVE-2018-1301",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1301"
},
{
"cve": "CVE-2018-12539",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-12539"
},
{
"cve": "CVE-2018-10237",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-10237"
},
{
"cve": "CVE-2018-0734",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-0734"
},
{
"cve": "CVE-2018-0732",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-0732"
},
{
"cve": "CVE-2017-9798",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-9798"
},
{
"cve": "CVE-2017-3738",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-3738"
},
{
"cve": "CVE-2017-3737",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-3737"
},
{
"cve": "CVE-2017-3736",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-3736"
},
{
"cve": "CVE-2017-3735",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-3735"
},
{
"cve": "CVE-2017-3732",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-3732"
},
{
"cve": "CVE-2017-1743",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-1743"
},
{
"cve": "CVE-2017-1741",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-1741"
},
{
"cve": "CVE-2017-1731",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-1731"
},
{
"cve": "CVE-2017-1681",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-1681"
},
{
"cve": "CVE-2017-15715",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-15715"
},
{
"cve": "CVE-2017-15710",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-15710"
},
{
"cve": "CVE-2017-12624",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-12624"
},
{
"cve": "CVE-2017-12618",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-12618"
},
{
"cve": "CVE-2017-12613",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-12613"
},
{
"cve": "CVE-2016-0705",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2016-0705"
},
{
"cve": "CVE-2016-0702",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2016-0702"
},
{
"cve": "CVE-2016-0701",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2016-0701"
},
{
"cve": "CVE-2015-0899",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2015-0899"
},
{
"cve": "CVE-2014-7810",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2014-7810"
},
{
"cve": "CVE-2012-5783",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2012-5783"
}
]
}
gsd-2017-9798
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-9798",
"description": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user\u0027s .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.",
"id": "GSD-2017-9798",
"references": [
"https://www.suse.com/security/cve/CVE-2017-9798.html",
"https://www.debian.org/security/2017/dsa-3980",
"https://access.redhat.com/errata/RHSA-2017:3477",
"https://access.redhat.com/errata/RHSA-2017:3476",
"https://access.redhat.com/errata/RHSA-2017:3475",
"https://access.redhat.com/errata/RHSA-2017:3240",
"https://access.redhat.com/errata/RHSA-2017:3239",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3114",
"https://access.redhat.com/errata/RHSA-2017:3113",
"https://access.redhat.com/errata/RHSA-2017:3018",
"https://access.redhat.com/errata/RHSA-2017:2972",
"https://access.redhat.com/errata/RHSA-2017:2882",
"https://ubuntu.com/security/CVE-2017-9798",
"https://advisories.mageia.org/CVE-2017-9798.html",
"https://security.archlinux.org/CVE-2017-9798",
"https://alas.aws.amazon.com/cve/html/CVE-2017-9798.html",
"https://linux.oracle.com/cve/CVE-2017-9798.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-9798"
],
"details": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user\u0027s .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.",
"id": "GSD-2017-9798",
"modified": "2023-12-13T01:21:07.809408Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2017-9798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value": "Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user\u0027s .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "use-after-free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:3113",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"name": "100872",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100872"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "RHSA-2017:2882",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2882"
},
{
"name": "RHSA-2017:2972",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2972"
},
{
"name": "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch",
"refsource": "MISC",
"url": "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch"
},
{
"name": "https://support.apple.com/HT208331",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208331"
},
{
"name": "1039387",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039387"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us"
},
{
"name": "RHSA-2017:3475",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3475"
},
{
"name": "https://github.com/hannob/optionsbleed",
"refsource": "MISC",
"url": "https://github.com/hannob/optionsbleed"
},
{
"name": "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223\u0026r2=1807754\u0026pathrev=1807754\u0026view=patch",
"refsource": "MISC",
"url": "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223\u0026r2=1807754\u0026pathrev=1807754\u0026view=patch"
},
{
"name": "RHSA-2017:3240",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3240"
},
{
"name": "RHSA-2017:3195",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3195"
},
{
"name": "RHSA-2017:3018",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3018"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "RHSA-2017:3239",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3239"
},
{
"name": "RHSA-2017:3476",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3476"
},
{
"name": "105598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105598"
},
{
"name": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798",
"refsource": "CONFIRM",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "RHSA-2017:3114",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"name": "RHSA-2017:3477",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3477"
},
{
"name": "http://openwall.com/lists/oss-security/2017/09/18/2",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/09/18/2"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180601-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180601-0003/"
},
{
"name": "RHSA-2017:3194",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3194"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2017-9798",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2017-9798"
},
{
"name": "RHSA-2017:3193",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3193"
},
{
"name": "DSA-3980",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3980"
},
{
"name": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"refsource": "MISC",
"url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
},
{
"name": "42745",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42745/"
},
{
"name": "GLSA-201710-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-32"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://www.tenable.com/security/tns-2019-09",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2019-09"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a",
"refsource": "MISC",
"url": "https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.2.34",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2017-9798"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user\u0027s .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2017-9798",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2017-9798"
},
{
"name": "https://github.com/hannob/optionsbleed",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/hannob/optionsbleed"
},
{
"name": "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch",
"refsource": "MISC",
"tags": [
"Exploit",
"Patch",
"Technical Description",
"Third Party Advisory"
],
"url": "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch"
},
{
"name": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Patch",
"Technical Description",
"Third Party Advisory"
],
"url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
},
{
"name": "http://openwall.com/lists/oss-security/2017/09/18/2",
"refsource": "MISC",
"tags": [
"Mailing List",
"VDB Entry"
],
"url": "http://openwall.com/lists/oss-security/2017/09/18/2"
},
{
"name": "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223\u0026r2=1807754\u0026pathrev=1807754\u0026view=patch",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223\u0026r2=1807754\u0026pathrev=1807754\u0026view=patch"
},
{
"name": "42745",
"refsource": "EXPLOIT-DB",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42745/"
},
{
"name": "1039387",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039387"
},
{
"name": "100872",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100872"
},
{
"name": "GLSA-201710-32",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201710-32"
},
{
"name": "DSA-3980",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3980"
},
{
"name": "RHSA-2017:3240",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3240"
},
{
"name": "RHSA-2017:3239",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3239"
},
{
"name": "RHSA-2017:3195",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3195"
},
{
"name": "RHSA-2017:3194",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3194"
},
{
"name": "RHSA-2017:3193",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3193"
},
{
"name": "RHSA-2017:3114",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"name": "RHSA-2017:3113",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"name": "RHSA-2017:3018",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3018"
},
{
"name": "RHSA-2017:2972",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2972"
},
{
"name": "RHSA-2017:2882",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2882"
},
{
"name": "RHSA-2017:3477",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3477"
},
{
"name": "RHSA-2017:3476",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3476"
},
{
"name": "RHSA-2017:3475",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3475"
},
{
"name": "https://support.apple.com/HT208331",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT208331"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180601-0003/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180601-0003/"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "105598",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105598"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us"
},
{
"name": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://www.tenable.com/security/tns-2019-09",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2019-09"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2021-06-06T11:15Z",
"publishedDate": "2017-09-18T15:29Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…