Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-11759 (GCVE-0-2018-11759)
Vulnerability from cvelistv5
Published
2018-10-31 20:00
Modified
2024-08-05 08:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Tomcat Connectors |
Version: Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:17:08.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4357",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4357"
},
{
"name": "RHSA-2019:0367",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"name": "105888",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105888"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad%40%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20181217 [SECURITY] [DLA 1609-1] libapache-mod-jk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html"
},
{
"name": "RHSA-2019:0366",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Tomcat Connectors",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44"
}
]
}
],
"datePublic": "2018-10-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-13T16:10:16",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "DSA-4357",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4357"
},
{
"name": "RHSA-2019:0367",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"name": "105888",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105888"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad%40%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20181217 [SECURITY] [DLA 1609-1] libapache-mod-jk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html"
},
{
"name": "RHSA-2019:0366",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2018-11759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tomcat Connectors",
"version": {
"version_data": [
{
"version_value": "Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4357",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4357"
},
{
"name": "RHSA-2019:0367",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"name": "105888",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105888"
},
{
"name": "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20181217 [SECURITY] [DLA 1609-1] libapache-mod-jk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html"
},
{
"name": "RHSA-2019:0366",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-11759",
"datePublished": "2018-10-31T20:00:00",
"dateReserved": "2018-06-05T00:00:00",
"dateUpdated": "2024-08-05T08:17:08.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-11759\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2018-10-31T20:29:00.293\",\"lastModified\":\"2024-11-21T03:43:58.277\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.\"},{\"lang\":\"es\",\"value\":\"El c\u00f3digo espec\u00edfico de Apache Web Server (httpd) que normalizaba la ruta antes de compararla con el mapa URI-worker en Apache Tomcat JK (mod_jk) Connector, desde la versi\u00f3n 1.2.0 hasta la 1.2.44, no gestionaba correctamente algunos casos extremos. Si solo un subconjunto de las URL soportadas por Tomcat estuviese expuesto mediante httpd, una petici\u00f3n especialmente construida podr\u00eda exponer funcionalidades de la aplicaci\u00f3n mediante el proxy inverso que no estaba pensado para que los clientes accediesen a la aplicaci\u00f3n a trav\u00e9s de \u00e9l. En algunas configuraciones, tambi\u00e9n era posible que una petici\u00f3n especialmente construida omita los controles de acceso configurados en htttpd. Aunque existe cierto solapamiento entre este problema y CVE-2018-1323, no son id\u00e9nticos.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat_jk_connector:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.2.0\",\"versionEndIncluding\":\"1.2.44\",\"matchCriteriaId\":\"0E321BC2-1C72-4FCE-B931-E4D00B313C17\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B453CF7-9AA6-4B94-A003-BF7AE0B82F53\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105888\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0366\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0367\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad%40%3Cannounce.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4357\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.securityfocus.com/bid/105888\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0366\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0367\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad%40%3Cannounce.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4357\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
suse-su-2023:4513-1
Vulnerability from csaf_suse
Published
2023-11-21 16:25
Modified
2023-11-21 16:25
Summary
Security update for apache2-mod_jk
Notes
Title of the patch
Security update for apache2-mod_jk
Description of the patch
This update for apache2-mod_jk fixes the following issues:
Update to version 1.2.49:
Apache
* Retrieve default request id from mod_unique_id. It can also be
taken from an arbitrary environment variable by configuring
'JkRequestIdIndicator'.
* Don't delegate the generatation of the response body to httpd
when the status code represents an error if the request used
the HEAD method.
* Only export the main module symbol. Visibility of module
internal symbols led to crashes when conflicting with library
symbols. Based on a patch provided by Josef Čejka.
* Remove support for implicit mapping of requests to workers.
All mappings must now be explicit.
IIS
* Set default request id as a GUID. It can also be taken from an
arbitrary request header by configuring 'request_id_header'.
* Fix non-empty check for the Translate header.
Common
* Fix compiler warning when initializing and copying fixed
length strings.
* Add a request id to mod_jk log lines.
* Enable configure to find the correct sizes for pid_t and
pthread_t when building on MacOS.
* Fix Clang 15/16 compatability. Pull request #6 provided by
Sam James.
* Improve XSS hardening in status worker.
* Add additional bounds and error checking when reading AJP
messages.
Docs
* Remove support for the Netscape / Sun ONE / Oracle iPlanet Web
Server as the product has been retired.
* Remove links to the old JK2 documentation. The JK2
documentation is still available, it is just no longer linked
from the current JK documentation.
* Restructure subsections in changelog starting with version
1.2.45.
Changes for 1.2.47 and 1.2.48 updates:
* Add: Apache: Extend trace level logging of method entry/exit to
aid debugging of request mapping issues.
* Fix: Apache: Fix a bug in the normalization checks that prevented
file based requests, such as SSI file includes, from being processed.
* Fix: Apache: When using JkAutoAlias, ensure that files that include
spaces in their name are accessible.
* Update: Common: Update the documentation to reflect that the source
code for the Apache Tomcat Connectors has moved from Subversion to Git.
* Fix: Common: When using set_session_cookie, ensure that an updated session
cookie is issued if the load-balancer has to failover to a different worker.
* Update: Common: Update config.guess and config.sub from
https://git.savannah.gnu.org/git/config.git.
* Update: Common: Update release script for migration to git.
Update to version 1.2.46
Fixes:
* Apache: Fix regression in 1.2.44 which resulted in
socket_connect_timeout to be interpreted in units of seconds
instead of milliseconds on platforms that provide poll(). (rjung)
* Security: CVE-2018-11759 Connector path traversal [bsc#1114612]
Update to version 1.2.45
Fixes:
* Correct regression in 1.2.44 that broke request handling for
OPTIONS * requests. (rjung)
* Improve path parameter parsing so that the session ID specified
by the session_path worker property for load-balanced workers
can be extracted from a path parameter in any segment of the
URI, rather than only from the final segment. (markt)
* Apache: Improve path parameter handling so that JkStripSession
can remove session IDs that are specified on path parameters in any
segment of the URI rather than only the final segment. (markt)
* IIS: Improve path parameter handling so that strip_session can
remove session IDs that are specified on path parameters in any
segment of the URI rather than only the final segment. (markt)
Updates:
* Apache: Update the documentation to note additional
limitations of the JkAutoAlias directive. (markt)
Code:
* Common: Optimize path parameter handling. (rjung)
Update to version 1.2.44
Updates:
* Remove the Novell Netware make files and Netware specific source
code since there has not been a supported version of Netware
available for over five years. (markt)
* Apache: Update the documentation to use httpd 2.4.x style access
control directives. (markt)
* Update PCRE bundled with the ISAPI redirector to 8.42. (rjung)
* Update config.guess and config.sub from
https://git.savannah.gnu.org/git/config.git. (rjung)
Fixes:
* Common: Use Local, rather than Global, mutexs on Windows to
better support multi-user environments. (markt)
* Apache: Use poll rather than select to avoid the limitations of
select triggering an httpd crash. Patch provided by Koen Wilde. (markt)
* ISAPI: Remove the check that rejects requests that contain path
segments that match WEB-INF or META-INF as it duplicates a check
that Tomcat performs and, because ISAPI does not have visibility of
the current context path, it is impossible to implement this check
without valid requests being rejected. (markt)
* Refactor normalisation of request URIs to a common location and align
the normalisation implementation for mod_jk with that implemented by
Tomcat. (markt)
Add:
* Clarify the behvaiour of lb workers when all ajp13 workers fail with
particular reference to the role of the retries attribute. (markt)
* Add the new load-balancer worker property lb_retries to improve the
control over the number of retries. Based on a patch provided by
Frederik Nosi. (markt)
* Add a note to the documentation that the CollapseSlashes options are
now effectively hard-coded to CollpaseSlashesAll due to the changes
made to align normalization with that implemented in Tomcat. (markt)
Patchnames
SUSE-2023-4513,SUSE-SLE-Module-Server-Applications-15-SP4-2023-4513,SUSE-SLE-Module-Server-Applications-15-SP5-2023-4513,openSUSE-SLE-15.4-2023-4513,openSUSE-SLE-15.5-2023-4513
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2-mod_jk",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache2-mod_jk fixes the following issues:\n\nUpdate to version 1.2.49:\n Apache\n * Retrieve default request id from mod_unique_id. It can also be\n taken from an arbitrary environment variable by configuring\n \u0027JkRequestIdIndicator\u0027.\n * Don\u0027t delegate the generatation of the response body to httpd\n when the status code represents an error if the request used\n the HEAD method.\n * Only export the main module symbol. Visibility of module \n internal symbols led to crashes when conflicting with library\n symbols. Based on a patch provided by Josef \u010cejka.\n * Remove support for implicit mapping of requests to workers. \n All mappings must now be explicit.\n IIS\n * Set default request id as a GUID. It can also be taken from an\n arbitrary request header by configuring \u0027request_id_header\u0027.\n * Fix non-empty check for the Translate header.\n Common\n * Fix compiler warning when initializing and copying fixed \n length strings.\n * Add a request id to mod_jk log lines.\n * Enable configure to find the correct sizes for pid_t and \n pthread_t when building on MacOS.\n * Fix Clang 15/16 compatability. Pull request #6 provided by \n Sam James.\n * Improve XSS hardening in status worker.\n * Add additional bounds and error checking when reading AJP \n messages.\n Docs\n * Remove support for the Netscape / Sun ONE / Oracle iPlanet Web\n Server as the product has been retired.\n * Remove links to the old JK2 documentation. The JK2 \n documentation is still available, it is just no longer linked\n from the current JK documentation.\n * Restructure subsections in changelog starting with version \n 1.2.45.\n\nChanges for 1.2.47 and 1.2.48 updates:\n * Add: Apache: Extend trace level logging of method entry/exit to\n aid debugging of request mapping issues.\n * Fix: Apache: Fix a bug in the normalization checks that prevented\n file based requests, such as SSI file includes, from being processed.\n * Fix: Apache: When using JkAutoAlias, ensure that files that include\n spaces in their name are accessible.\n * Update: Common: Update the documentation to reflect that the source\n code for the Apache Tomcat Connectors has moved from Subversion to Git.\n * Fix: Common: When using set_session_cookie, ensure that an updated session\n cookie is issued if the load-balancer has to failover to a different worker.\n * Update: Common: Update config.guess and config.sub from\n https://git.savannah.gnu.org/git/config.git.\n * Update: Common: Update release script for migration to git.\n\nUpdate to version 1.2.46\n Fixes:\n * Apache: Fix regression in 1.2.44 which resulted in\n socket_connect_timeout to be interpreted in units of seconds\n instead of milliseconds on platforms that provide poll(). (rjung)\n * Security: CVE-2018-11759 Connector path traversal [bsc#1114612]\n\nUpdate to version 1.2.45\n Fixes:\n * Correct regression in 1.2.44 that broke request handling for\n OPTIONS * requests. (rjung)\n * Improve path parameter parsing so that the session ID specified\n by the session_path worker property for load-balanced workers\n can be extracted from a path parameter in any segment of the\n URI, rather than only from the final segment. (markt)\n * Apache: Improve path parameter handling so that JkStripSession\n can remove session IDs that are specified on path parameters in any\n segment of the URI rather than only the final segment. (markt)\n * IIS: Improve path parameter handling so that strip_session can\n remove session IDs that are specified on path parameters in any\n segment of the URI rather than only the final segment. (markt) \n Updates:\n * Apache: Update the documentation to note additional\n limitations of the JkAutoAlias directive. (markt)\n Code:\n * Common: Optimize path parameter handling. (rjung)\n\nUpdate to version 1.2.44\n Updates:\n * Remove the Novell Netware make files and Netware specific source\n code since there has not been a supported version of Netware\n available for over five years. (markt)\n * Apache: Update the documentation to use httpd 2.4.x style access\n control directives. (markt)\n * Update PCRE bundled with the ISAPI redirector to 8.42. (rjung)\n * Update config.guess and config.sub from\n https://git.savannah.gnu.org/git/config.git. (rjung)\n Fixes:\n * Common: Use Local, rather than Global, mutexs on Windows to\n better support multi-user environments. (markt)\n * Apache: Use poll rather than select to avoid the limitations of\n select triggering an httpd crash. Patch provided by Koen Wilde. (markt)\n * ISAPI: Remove the check that rejects requests that contain path\n segments that match WEB-INF or META-INF as it duplicates a check\n that Tomcat performs and, because ISAPI does not have visibility of\n the current context path, it is impossible to implement this check\n without valid requests being rejected. (markt)\n * Refactor normalisation of request URIs to a common location and align\n the normalisation implementation for mod_jk with that implemented by\n Tomcat. (markt)\n Add:\n * Clarify the behvaiour of lb workers when all ajp13 workers fail with\n particular reference to the role of the retries attribute. (markt)\n * Add the new load-balancer worker property lb_retries to improve the\n control over the number of retries. Based on a patch provided by\n Frederik Nosi. (markt)\n * Add a note to the documentation that the CollapseSlashes options are\n now effectively hard-coded to CollpaseSlashesAll due to the changes\n made to align normalization with that implemented in Tomcat. (markt)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-4513,SUSE-SLE-Module-Server-Applications-15-SP4-2023-4513,SUSE-SLE-Module-Server-Applications-15-SP5-2023-4513,openSUSE-SLE-15.4-2023-4513,openSUSE-SLE-15.5-2023-4513",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4513-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:4513-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20234513-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:4513-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017156.html"
},
{
"category": "self",
"summary": "SUSE Bug 1114612",
"url": "https://bugzilla.suse.com/1114612"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-11759 page",
"url": "https://www.suse.com/security/cve/CVE-2018-11759/"
}
],
"title": "Security update for apache2-mod_jk",
"tracking": {
"current_release_date": "2023-11-21T16:25:57Z",
"generator": {
"date": "2023-11-21T16:25:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:4513-1",
"initial_release_date": "2023-11-21T16:25:57Z",
"revision_history": [
{
"date": "2023-11-21T16:25:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_jk-1.2.49-150100.6.6.1.aarch64",
"product": {
"name": "apache2-mod_jk-1.2.49-150100.6.6.1.aarch64",
"product_id": "apache2-mod_jk-1.2.49-150100.6.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_jk-1.2.49-150100.6.6.1.i586",
"product": {
"name": "apache2-mod_jk-1.2.49-150100.6.6.1.i586",
"product_id": "apache2-mod_jk-1.2.49-150100.6.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le",
"product": {
"name": "apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le",
"product_id": "apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_jk-1.2.49-150100.6.6.1.s390x",
"product": {
"name": "apache2-mod_jk-1.2.49-150100.6.6.1.s390x",
"product_id": "apache2-mod_jk-1.2.49-150100.6.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_jk-1.2.49-150100.6.6.1.x86_64",
"product": {
"name": "apache2-mod_jk-1.2.49-150100.6.6.1.x86_64",
"product_id": "apache2-mod_jk-1.2.49-150100.6.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.49-150100.6.6.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_jk-1.2.49-150100.6.6.1.aarch64"
},
"product_reference": "apache2-mod_jk-1.2.49-150100.6.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le"
},
"product_reference": "apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.49-150100.6.6.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_jk-1.2.49-150100.6.6.1.s390x"
},
"product_reference": "apache2-mod_jk-1.2.49-150100.6.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.49-150100.6.6.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_jk-1.2.49-150100.6.6.1.x86_64"
},
"product_reference": "apache2-mod_jk-1.2.49-150100.6.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.49-150100.6.6.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP5:apache2-mod_jk-1.2.49-150100.6.6.1.aarch64"
},
"product_reference": "apache2-mod_jk-1.2.49-150100.6.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP5:apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le"
},
"product_reference": "apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.49-150100.6.6.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP5:apache2-mod_jk-1.2.49-150100.6.6.1.s390x"
},
"product_reference": "apache2-mod_jk-1.2.49-150100.6.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.49-150100.6.6.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP5:apache2-mod_jk-1.2.49-150100.6.6.1.x86_64"
},
"product_reference": "apache2-mod_jk-1.2.49-150100.6.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.49-150100.6.6.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:apache2-mod_jk-1.2.49-150100.6.6.1.aarch64"
},
"product_reference": "apache2-mod_jk-1.2.49-150100.6.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le"
},
"product_reference": "apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.49-150100.6.6.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:apache2-mod_jk-1.2.49-150100.6.6.1.s390x"
},
"product_reference": "apache2-mod_jk-1.2.49-150100.6.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.49-150100.6.6.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:apache2-mod_jk-1.2.49-150100.6.6.1.x86_64"
},
"product_reference": "apache2-mod_jk-1.2.49-150100.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.49-150100.6.6.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:apache2-mod_jk-1.2.49-150100.6.6.1.aarch64"
},
"product_reference": "apache2-mod_jk-1.2.49-150100.6.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le"
},
"product_reference": "apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.49-150100.6.6.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:apache2-mod_jk-1.2.49-150100.6.6.1.s390x"
},
"product_reference": "apache2-mod_jk-1.2.49-150100.6.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.49-150100.6.6.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:apache2-mod_jk-1.2.49-150100.6.6.1.x86_64"
},
"product_reference": "apache2-mod_jk-1.2.49-150100.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-11759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-11759"
}
],
"notes": [
{
"category": "general",
"text": "The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_jk-1.2.49-150100.6.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_jk-1.2.49-150100.6.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_jk-1.2.49-150100.6.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:apache2-mod_jk-1.2.49-150100.6.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:apache2-mod_jk-1.2.49-150100.6.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:apache2-mod_jk-1.2.49-150100.6.6.1.x86_64",
"openSUSE Leap 15.4:apache2-mod_jk-1.2.49-150100.6.6.1.aarch64",
"openSUSE Leap 15.4:apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le",
"openSUSE Leap 15.4:apache2-mod_jk-1.2.49-150100.6.6.1.s390x",
"openSUSE Leap 15.4:apache2-mod_jk-1.2.49-150100.6.6.1.x86_64",
"openSUSE Leap 15.5:apache2-mod_jk-1.2.49-150100.6.6.1.aarch64",
"openSUSE Leap 15.5:apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le",
"openSUSE Leap 15.5:apache2-mod_jk-1.2.49-150100.6.6.1.s390x",
"openSUSE Leap 15.5:apache2-mod_jk-1.2.49-150100.6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-11759",
"url": "https://www.suse.com/security/cve/CVE-2018-11759"
},
{
"category": "external",
"summary": "SUSE Bug 1114612 for CVE-2018-11759",
"url": "https://bugzilla.suse.com/1114612"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_jk-1.2.49-150100.6.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_jk-1.2.49-150100.6.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_jk-1.2.49-150100.6.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:apache2-mod_jk-1.2.49-150100.6.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:apache2-mod_jk-1.2.49-150100.6.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:apache2-mod_jk-1.2.49-150100.6.6.1.x86_64",
"openSUSE Leap 15.4:apache2-mod_jk-1.2.49-150100.6.6.1.aarch64",
"openSUSE Leap 15.4:apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le",
"openSUSE Leap 15.4:apache2-mod_jk-1.2.49-150100.6.6.1.s390x",
"openSUSE Leap 15.4:apache2-mod_jk-1.2.49-150100.6.6.1.x86_64",
"openSUSE Leap 15.5:apache2-mod_jk-1.2.49-150100.6.6.1.aarch64",
"openSUSE Leap 15.5:apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le",
"openSUSE Leap 15.5:apache2-mod_jk-1.2.49-150100.6.6.1.s390x",
"openSUSE Leap 15.5:apache2-mod_jk-1.2.49-150100.6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_jk-1.2.49-150100.6.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_jk-1.2.49-150100.6.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:apache2-mod_jk-1.2.49-150100.6.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:apache2-mod_jk-1.2.49-150100.6.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:apache2-mod_jk-1.2.49-150100.6.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:apache2-mod_jk-1.2.49-150100.6.6.1.x86_64",
"openSUSE Leap 15.4:apache2-mod_jk-1.2.49-150100.6.6.1.aarch64",
"openSUSE Leap 15.4:apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le",
"openSUSE Leap 15.4:apache2-mod_jk-1.2.49-150100.6.6.1.s390x",
"openSUSE Leap 15.4:apache2-mod_jk-1.2.49-150100.6.6.1.x86_64",
"openSUSE Leap 15.5:apache2-mod_jk-1.2.49-150100.6.6.1.aarch64",
"openSUSE Leap 15.5:apache2-mod_jk-1.2.49-150100.6.6.1.ppc64le",
"openSUSE Leap 15.5:apache2-mod_jk-1.2.49-150100.6.6.1.s390x",
"openSUSE Leap 15.5:apache2-mod_jk-1.2.49-150100.6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-11-21T16:25:57Z",
"details": "important"
}
],
"title": "CVE-2018-11759"
}
]
}
suse-su-2018:3963-2
Vulnerability from csaf_suse
Published
2019-05-31 14:52
Modified
2019-05-31 14:52
Summary
Security update for apache2-mod_jk
Notes
Title of the patch
Security update for apache2-mod_jk
Description of the patch
This update for apache2-mod_jk fixes the following issue:
Security issue fixed:
- CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in httpd (bsc#1114612).
Patchnames
SUSE-SLE-SERVER-12-SP4-2019-1400
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2-mod_jk",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache2-mod_jk fixes the following issue:\n\nSecurity issue fixed:\n\n- CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in httpd (bsc#1114612).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SERVER-12-SP4-2019-1400",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3963-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3963-2",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183963-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3963-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-May/005526.html"
},
{
"category": "self",
"summary": "SUSE Bug 1114612",
"url": "https://bugzilla.suse.com/1114612"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-11759 page",
"url": "https://www.suse.com/security/cve/CVE-2018-11759/"
}
],
"title": "Security update for apache2-mod_jk",
"tracking": {
"current_release_date": "2019-05-31T14:52:55Z",
"generator": {
"date": "2019-05-31T14:52:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3963-2",
"initial_release_date": "2019-05-31T14:52:55Z",
"revision_history": [
{
"date": "2019-05-31T14:52:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_jk-1.2.40-7.3.1.aarch64",
"product": {
"name": "apache2-mod_jk-1.2.40-7.3.1.aarch64",
"product_id": "apache2-mod_jk-1.2.40-7.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_jk-1.2.40-7.3.1.ppc64le",
"product": {
"name": "apache2-mod_jk-1.2.40-7.3.1.ppc64le",
"product_id": "apache2-mod_jk-1.2.40-7.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_jk-1.2.40-7.3.1.s390x",
"product": {
"name": "apache2-mod_jk-1.2.40-7.3.1.s390x",
"product_id": "apache2-mod_jk-1.2.40-7.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_jk-1.2.40-7.3.1.x86_64",
"product": {
"name": "apache2-mod_jk-1.2.40-7.3.1.x86_64",
"product_id": "apache2-mod_jk-1.2.40-7.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.40-7.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:apache2-mod_jk-1.2.40-7.3.1.aarch64"
},
"product_reference": "apache2-mod_jk-1.2.40-7.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.40-7.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:apache2-mod_jk-1.2.40-7.3.1.ppc64le"
},
"product_reference": "apache2-mod_jk-1.2.40-7.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.40-7.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:apache2-mod_jk-1.2.40-7.3.1.s390x"
},
"product_reference": "apache2-mod_jk-1.2.40-7.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.40-7.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:apache2-mod_jk-1.2.40-7.3.1.x86_64"
},
"product_reference": "apache2-mod_jk-1.2.40-7.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.40-7.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-mod_jk-1.2.40-7.3.1.aarch64"
},
"product_reference": "apache2-mod_jk-1.2.40-7.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.40-7.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-mod_jk-1.2.40-7.3.1.ppc64le"
},
"product_reference": "apache2-mod_jk-1.2.40-7.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.40-7.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-mod_jk-1.2.40-7.3.1.s390x"
},
"product_reference": "apache2-mod_jk-1.2.40-7.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.40-7.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-mod_jk-1.2.40-7.3.1.x86_64"
},
"product_reference": "apache2-mod_jk-1.2.40-7.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-11759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-11759"
}
],
"notes": [
{
"category": "general",
"text": "The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4:apache2-mod_jk-1.2.40-7.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:apache2-mod_jk-1.2.40-7.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:apache2-mod_jk-1.2.40-7.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:apache2-mod_jk-1.2.40-7.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-mod_jk-1.2.40-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-mod_jk-1.2.40-7.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-mod_jk-1.2.40-7.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-mod_jk-1.2.40-7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-11759",
"url": "https://www.suse.com/security/cve/CVE-2018-11759"
},
{
"category": "external",
"summary": "SUSE Bug 1114612 for CVE-2018-11759",
"url": "https://bugzilla.suse.com/1114612"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4:apache2-mod_jk-1.2.40-7.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:apache2-mod_jk-1.2.40-7.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:apache2-mod_jk-1.2.40-7.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:apache2-mod_jk-1.2.40-7.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-mod_jk-1.2.40-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-mod_jk-1.2.40-7.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-mod_jk-1.2.40-7.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-mod_jk-1.2.40-7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4:apache2-mod_jk-1.2.40-7.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:apache2-mod_jk-1.2.40-7.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:apache2-mod_jk-1.2.40-7.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:apache2-mod_jk-1.2.40-7.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-mod_jk-1.2.40-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-mod_jk-1.2.40-7.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-mod_jk-1.2.40-7.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-mod_jk-1.2.40-7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-31T14:52:55Z",
"details": "important"
}
],
"title": "CVE-2018-11759"
}
]
}
suse-su-2018:3969-1
Vulnerability from csaf_suse
Published
2018-12-03 14:37
Modified
2018-12-03 14:37
Summary
Security update for apache2-mod_jk
Notes
Title of the patch
Security update for apache2-mod_jk
Description of the patch
This update for apache2-mod_jk fixes the following issue:
Security issue fixed:
- CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in httpd (bsc#1114612).
Patchnames
SUSE-SLE-Module-Server-Applications-15-2018-2828
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2-mod_jk",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache2-mod_jk fixes the following issue:\n\nSecurity issue fixed:\n\n- CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in httpd (bsc#1114612).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Module-Server-Applications-15-2018-2828",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3969-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3969-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183969-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3969-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183969-1.html"
},
{
"category": "self",
"summary": "SUSE Bug 1114612",
"url": "https://bugzilla.suse.com/1114612"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-11759 page",
"url": "https://www.suse.com/security/cve/CVE-2018-11759/"
}
],
"title": "Security update for apache2-mod_jk",
"tracking": {
"current_release_date": "2018-12-03T14:37:42Z",
"generator": {
"date": "2018-12-03T14:37:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3969-1",
"initial_release_date": "2018-12-03T14:37:42Z",
"revision_history": [
{
"date": "2018-12-03T14:37:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_jk-1.2.43-3.3.1.aarch64",
"product": {
"name": "apache2-mod_jk-1.2.43-3.3.1.aarch64",
"product_id": "apache2-mod_jk-1.2.43-3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_jk-1.2.43-3.3.1.ppc64le",
"product": {
"name": "apache2-mod_jk-1.2.43-3.3.1.ppc64le",
"product_id": "apache2-mod_jk-1.2.43-3.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_jk-1.2.43-3.3.1.s390x",
"product": {
"name": "apache2-mod_jk-1.2.43-3.3.1.s390x",
"product_id": "apache2-mod_jk-1.2.43-3.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_jk-1.2.43-3.3.1.x86_64",
"product": {
"name": "apache2-mod_jk-1.2.43-3.3.1.x86_64",
"product_id": "apache2-mod_jk-1.2.43-3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.43-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-mod_jk-1.2.43-3.3.1.aarch64"
},
"product_reference": "apache2-mod_jk-1.2.43-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.43-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-mod_jk-1.2.43-3.3.1.ppc64le"
},
"product_reference": "apache2-mod_jk-1.2.43-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.43-3.3.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-mod_jk-1.2.43-3.3.1.s390x"
},
"product_reference": "apache2-mod_jk-1.2.43-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.43-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-mod_jk-1.2.43-3.3.1.x86_64"
},
"product_reference": "apache2-mod_jk-1.2.43-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-11759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-11759"
}
],
"notes": [
{
"category": "general",
"text": "The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15:apache2-mod_jk-1.2.43-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-mod_jk-1.2.43-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-mod_jk-1.2.43-3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-mod_jk-1.2.43-3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-11759",
"url": "https://www.suse.com/security/cve/CVE-2018-11759"
},
{
"category": "external",
"summary": "SUSE Bug 1114612 for CVE-2018-11759",
"url": "https://bugzilla.suse.com/1114612"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15:apache2-mod_jk-1.2.43-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-mod_jk-1.2.43-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-mod_jk-1.2.43-3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-mod_jk-1.2.43-3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15:apache2-mod_jk-1.2.43-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-mod_jk-1.2.43-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-mod_jk-1.2.43-3.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-mod_jk-1.2.43-3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-03T14:37:42Z",
"details": "important"
}
],
"title": "CVE-2018-11759"
}
]
}
suse-su-2018:3970-1
Vulnerability from csaf_suse
Published
2018-12-03 14:36
Modified
2018-12-03 14:36
Summary
Security update for apache2-mod_jk
Notes
Title of the patch
Security update for apache2-mod_jk
Description of the patch
This update for apache2-mod_jk fixes the following issues:
Security issues fixed:
- CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in httpd (bsc#1114612).
- CVE-2014-8111: Apache Tomcat Connectors (mod_jk) ignored JkUnmount rules for subtrees of previous JkMount rules, which allowed remote attackers to access otherwise restricted artifacts via unspecified vectors (bsc#927845).
Patchnames
slessp4-apache2-mod_jk-13888
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2-mod_jk",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for apache2-mod_jk fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in httpd (bsc#1114612).\n- CVE-2014-8111: Apache Tomcat Connectors (mod_jk) ignored JkUnmount rules for subtrees of previous JkMount rules, which allowed remote attackers to access otherwise restricted artifacts via unspecified vectors (bsc#927845).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slessp4-apache2-mod_jk-13888",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3970-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3970-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183970-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3970-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183970-1.html"
},
{
"category": "self",
"summary": "SUSE Bug 1114612",
"url": "https://bugzilla.suse.com/1114612"
},
{
"category": "self",
"summary": "SUSE Bug 927845",
"url": "https://bugzilla.suse.com/927845"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-8111 page",
"url": "https://www.suse.com/security/cve/CVE-2014-8111/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-11759 page",
"url": "https://www.suse.com/security/cve/CVE-2018-11759/"
}
],
"title": "Security update for apache2-mod_jk",
"tracking": {
"current_release_date": "2018-12-03T14:36:00Z",
"generator": {
"date": "2018-12-03T14:36:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3970-1",
"initial_release_date": "2018-12-03T14:36:00Z",
"revision_history": [
{
"date": "2018-12-03T14:36:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_jk-1.2.40-0.2.5.1.i586",
"product": {
"name": "apache2-mod_jk-1.2.40-0.2.5.1.i586",
"product_id": "apache2-mod_jk-1.2.40-0.2.5.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_jk-1.2.40-0.2.5.1.ia64",
"product": {
"name": "apache2-mod_jk-1.2.40-0.2.5.1.ia64",
"product_id": "apache2-mod_jk-1.2.40-0.2.5.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_jk-1.2.40-0.2.5.1.ppc64",
"product": {
"name": "apache2-mod_jk-1.2.40-0.2.5.1.ppc64",
"product_id": "apache2-mod_jk-1.2.40-0.2.5.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_jk-1.2.40-0.2.5.1.s390x",
"product": {
"name": "apache2-mod_jk-1.2.40-0.2.5.1.s390x",
"product_id": "apache2-mod_jk-1.2.40-0.2.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_jk-1.2.40-0.2.5.1.x86_64",
"product": {
"name": "apache2-mod_jk-1.2.40-0.2.5.1.x86_64",
"product_id": "apache2-mod_jk-1.2.40-0.2.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.40-0.2.5.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.i586"
},
"product_reference": "apache2-mod_jk-1.2.40-0.2.5.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.40-0.2.5.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.ia64"
},
"product_reference": "apache2-mod_jk-1.2.40-0.2.5.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.40-0.2.5.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.ppc64"
},
"product_reference": "apache2-mod_jk-1.2.40-0.2.5.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.40-0.2.5.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.s390x"
},
"product_reference": "apache2-mod_jk-1.2.40-0.2.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.40-0.2.5.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.x86_64"
},
"product_reference": "apache2-mod_jk-1.2.40-0.2.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.40-0.2.5.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.i586"
},
"product_reference": "apache2-mod_jk-1.2.40-0.2.5.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.40-0.2.5.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.ia64"
},
"product_reference": "apache2-mod_jk-1.2.40-0.2.5.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.40-0.2.5.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.ppc64"
},
"product_reference": "apache2-mod_jk-1.2.40-0.2.5.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.40-0.2.5.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.s390x"
},
"product_reference": "apache2-mod_jk-1.2.40-0.2.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.40-0.2.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.x86_64"
},
"product_reference": "apache2-mod_jk-1.2.40-0.2.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-8111",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-8111"
}
],
"notes": [
{
"category": "general",
"text": "Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-8111",
"url": "https://www.suse.com/security/cve/CVE-2014-8111"
},
{
"category": "external",
"summary": "SUSE Bug 927845 for CVE-2014-8111",
"url": "https://bugzilla.suse.com/927845"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-03T14:36:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-8111"
},
{
"cve": "CVE-2018-11759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-11759"
}
],
"notes": [
{
"category": "general",
"text": "The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-11759",
"url": "https://www.suse.com/security/cve/CVE-2018-11759"
},
{
"category": "external",
"summary": "SUSE Bug 1114612 for CVE-2018-11759",
"url": "https://bugzilla.suse.com/1114612"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_jk-1.2.40-0.2.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-03T14:36:00Z",
"details": "important"
}
],
"title": "CVE-2018-11759"
}
]
}
ghsa-5q2c-33mg-8m75
Vulnerability from github
Published
2022-05-14 01:10
Modified
2022-05-14 01:10
Severity ?
VLAI Severity ?
Details
The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.
{
"affected": [],
"aliases": [
"CVE-2018-11759"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-31T20:29:00Z",
"severity": "HIGH"
},
"details": "The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.",
"id": "GHSA-5q2c-33mg-8m75",
"modified": "2022-05-14T01:10:15Z",
"published": "2022-05-14T01:10:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11759"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4357"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105888"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
opensuse-su-2024:10625-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
apache2-mod_jk-1.2.48-2.9 on GA media
Notes
Title of the patch
apache2-mod_jk-1.2.48-2.9 on GA media
Description of the patch
These are all security issues fixed in the apache2-mod_jk-1.2.48-2.9 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10625
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "apache2-mod_jk-1.2.48-2.9 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the apache2-mod_jk-1.2.48-2.9 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10625",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10625-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-0774 page",
"url": "https://www.suse.com/security/cve/CVE-2007-0774/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-11759 page",
"url": "https://www.suse.com/security/cve/CVE-2018-11759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1323 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1323/"
}
],
"title": "apache2-mod_jk-1.2.48-2.9 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10625-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_jk-1.2.48-2.9.aarch64",
"product": {
"name": "apache2-mod_jk-1.2.48-2.9.aarch64",
"product_id": "apache2-mod_jk-1.2.48-2.9.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_jk-1.2.48-2.9.ppc64le",
"product": {
"name": "apache2-mod_jk-1.2.48-2.9.ppc64le",
"product_id": "apache2-mod_jk-1.2.48-2.9.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_jk-1.2.48-2.9.s390x",
"product": {
"name": "apache2-mod_jk-1.2.48-2.9.s390x",
"product_id": "apache2-mod_jk-1.2.48-2.9.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_jk-1.2.48-2.9.x86_64",
"product": {
"name": "apache2-mod_jk-1.2.48-2.9.x86_64",
"product_id": "apache2-mod_jk-1.2.48-2.9.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.48-2.9.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.aarch64"
},
"product_reference": "apache2-mod_jk-1.2.48-2.9.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.48-2.9.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.ppc64le"
},
"product_reference": "apache2-mod_jk-1.2.48-2.9.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.48-2.9.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.s390x"
},
"product_reference": "apache2-mod_jk-1.2.48-2.9.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.48-2.9.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.x86_64"
},
"product_reference": "apache2-mod_jk-1.2.48-2.9.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2007-0774",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-0774"
}
],
"notes": [
{
"category": "general",
"text": "Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.aarch64",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.ppc64le",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.s390x",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-0774",
"url": "https://www.suse.com/security/cve/CVE-2007-0774"
},
{
"category": "external",
"summary": "SUSE Bug 248157 for CVE-2007-0774",
"url": "https://bugzilla.suse.com/248157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.aarch64",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.ppc64le",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.s390x",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2007-0774"
},
{
"cve": "CVE-2018-11759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-11759"
}
],
"notes": [
{
"category": "general",
"text": "The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.aarch64",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.ppc64le",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.s390x",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-11759",
"url": "https://www.suse.com/security/cve/CVE-2018-11759"
},
{
"category": "external",
"summary": "SUSE Bug 1114612 for CVE-2018-11759",
"url": "https://bugzilla.suse.com/1114612"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.aarch64",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.ppc64le",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.s390x",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.aarch64",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.ppc64le",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.s390x",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-11759"
},
{
"cve": "CVE-2018-1323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1323"
}
],
"notes": [
{
"category": "general",
"text": "The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing Tomcat via the reverse proxy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.aarch64",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.ppc64le",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.s390x",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1323",
"url": "https://www.suse.com/security/cve/CVE-2018-1323"
},
{
"category": "external",
"summary": "SUSE Bug 1085220 for CVE-2018-1323",
"url": "https://bugzilla.suse.com/1085220"
},
{
"category": "external",
"summary": "SUSE Bug 1114612 for CVE-2018-1323",
"url": "https://bugzilla.suse.com/1114612"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.aarch64",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.ppc64le",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.s390x",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.aarch64",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.ppc64le",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.s390x",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.48-2.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-1323"
}
]
}
gsd-2018-11759
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-11759",
"description": "The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.",
"id": "GSD-2018-11759",
"references": [
"https://www.suse.com/security/cve/CVE-2018-11759.html",
"https://www.debian.org/security/2018/dsa-4357",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://access.redhat.com/errata/RHSA-2019:0366"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-11759"
],
"details": "The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.",
"id": "GSD-2018-11759",
"modified": "2023-12-13T01:22:42.540137Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2018-11759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tomcat Connectors",
"version": {
"version_data": [
{
"version_value": "Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4357",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4357"
},
{
"name": "RHSA-2019:0367",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"name": "105888",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105888"
},
{
"name": "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20181217 [SECURITY] [DLA 1609-1] libapache-mod-jk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html"
},
{
"name": "RHSA-2019:0366",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat_jk_connector:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.44",
"versionStartIncluding": "1.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2018-11759"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E",
"refsource": "MISC",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "105888",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105888"
},
{
"name": "[debian-lts-announce] 20181217 [SECURITY] [DLA 1609-1] libapache-mod-jk security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html"
},
{
"name": "DSA-4357",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4357"
},
{
"name": "RHSA-2019:0367",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"name": "RHSA-2019:0366",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"tags": [],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-04-15T16:31Z",
"publishedDate": "2018-10-31T20:29Z"
}
}
}
rhsa-2019:0366
Vulnerability from csaf_redhat
Published
2019-02-18 16:55
Modified
2025-08-04 12:06
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1 security update
Notes
Topic
Red Hat JBoss Core Services Pack Apache Server 2.4.29 Service Pack 1 packages for Microsoft Windows and Oracle Solaris are now available.
Red Hat Product Security has rated this release as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
This release adds the new Apache HTTP Server 2.4.29 Service Pack 1 packages that are part
of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services
Apache HTTP Server 2.4.29, and includes bug fixes and enhancements. Refer
to the Release Notes for information on the most significant bug fixes,
enhancements and component upgrades included in this release.
Security Fix(es):
* db4: libdb: Reads DB_CONFIG from the current working directory (CVE-2017-10140)
* httpd: DoS for HTTP/2 connections by continuous SETTINGS (CVE-2018-11763)
* httpd: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312)
* httpd: Out of bound access after failure in reading the HTTP request (CVE-2018-1301)
* httpd: Use-after-free on HTTP/2 stream shutdown (CVE-2018-1302)
* httpd: <FilesMatch> bypass with a trailing newline in the file name (CVE-2017-15715)
* httpd: Out of bound write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710)
* httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause a denial of service (CVE-2018-1303)
* httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications (CVE-2018-1283)
* httpd: mod_http2: too much time allocated to workers, possibly leading to DoS (CVE-2018-1333)
* mod_jk: connector path traversal due to mishandled HTTP requests in httpd (CVE-2018-11759)
* nghttp2: Null pointer dereference when too large ALTSVC frame is received (CVE-2018-1000168)
* openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739)
Details around this issue, including information about the CVE, severity of
the issue, and the CVSS score can be found on the CVE page listed in the
Reference section below.
The CVE-2018-1000168 issue was discovered by The Nghttp2 Project.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Core Services Pack Apache Server 2.4.29 Service Pack 1 packages for Microsoft Windows and Oracle Solaris are now available.\n\nRed Hat Product Security has rated this release as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release adds the new Apache HTTP Server 2.4.29 Service Pack 1 packages that are part\nof the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.29, and includes bug fixes and enhancements. Refer\nto the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release.\n\nSecurity Fix(es):\n\n* db4: libdb: Reads DB_CONFIG from the current working directory (CVE-2017-10140)\n* httpd: DoS for HTTP/2 connections by continuous SETTINGS (CVE-2018-11763)\n* httpd: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312)\n* httpd: Out of bound access after failure in reading the HTTP request (CVE-2018-1301)\n* httpd: Use-after-free on HTTP/2 stream shutdown (CVE-2018-1302)\n* httpd: \u003cFilesMatch\u003e bypass with a trailing newline in the file name (CVE-2017-15715)\n* httpd: Out of bound write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710)\n* httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause a denial of service (CVE-2018-1303)\n* httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications (CVE-2018-1283)\n* httpd: mod_http2: too much time allocated to workers, possibly leading to DoS (CVE-2018-1333)\n* mod_jk: connector path traversal due to mishandled HTTP requests in httpd (CVE-2018-11759)\n* nghttp2: Null pointer dereference when too large ALTSVC frame is received (CVE-2018-1000168)\n* openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739)\n\nDetails around this issue, including information about the CVE, severity of\nthe issue, and the CVSS score can be found on the CVE page listed in the\nReference section below.\n\nThe CVE-2018-1000168 issue was discovered by The Nghttp2 Project.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:0366",
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1464032",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1464032"
},
{
"category": "external",
"summary": "1560395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560395"
},
{
"category": "external",
"summary": "1560399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560399"
},
{
"category": "external",
"summary": "1560599",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560599"
},
{
"category": "external",
"summary": "1560614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560614"
},
{
"category": "external",
"summary": "1560625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560625"
},
{
"category": "external",
"summary": "1560634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560634"
},
{
"category": "external",
"summary": "1560643",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560643"
},
{
"category": "external",
"summary": "1561266",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561266"
},
{
"category": "external",
"summary": "1565035",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565035"
},
{
"category": "external",
"summary": "1605048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1605048"
},
{
"category": "external",
"summary": "1633399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633399"
},
{
"category": "external",
"summary": "1645589",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645589"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_0366.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1 security update",
"tracking": {
"current_release_date": "2025-08-04T12:06:59+00:00",
"generator": {
"date": "2025-08-04T12:06:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2019:0366",
"initial_release_date": "2019-02-18T16:55:17+00:00",
"revision_history": [
{
"date": "2019-02-18T16:55:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-02-18T16:55:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-04T12:06:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Text-Only JBCS",
"product": {
"name": "Text-Only JBCS",
"product_id": "Text-Only JBCS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-10140",
"discovery_date": "2017-06-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1464032"
}
],
"notes": [
{
"category": "description",
"text": "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libdb: Reads DB_CONFIG from the current working directory",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of libdb as shipped with Red Hat Satellite 6.0, 6.1 and 6.2. This package no longer ships with Satellite 6.3. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-10140"
},
{
"category": "external",
"summary": "RHBZ#1464032",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1464032"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-10140",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10140"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10140",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10140"
}
],
"release_date": "2017-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:55:17+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"category": "workaround",
"details": "Do not use an application using libdb if an untrusted user can create a DB_CONFIG file in its working directory.",
"product_ids": [
"Text-Only JBCS"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libdb: Reads DB_CONFIG from the current working directory"
},
{
"cve": "CVE-2017-15710",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2018-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560599"
}
],
"notes": [
{
"category": "description",
"text": "In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user\u0027s credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, \u0027en-US\u0027 is truncated to \u0027en\u0027). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-15710"
},
{
"category": "external",
"summary": "RHBZ#1560599",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560599"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-15710",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15710"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2018-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:55:17+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values"
},
{
"cve": "CVE-2017-15715",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2018-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560614"
}
],
"notes": [
{
"category": "description",
"text": "In Apache httpd 2.4.0 to 2.4.29, the expression specified in \u003cFilesMatch\u003e could match \u0027$\u0027 to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: \u003cFilesMatch\u003e bypass with a trailing newline in the file name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The \"FilesMatch\" directive is not enabled in the default httpd configuration as shipped with Red Hat Enterprise Linux, and needs to be explicitly enabled. Therefore this flaw has no impact on the default versions of the httpd package as shipped with Red Hat Enterprise Linux.\n\nRed Hat Satellite 6 uses Red Hat Enterprise Linux 7\u0027s httpd package, and enables the \"FilesMatch\" directive. However, this is not believed to have an impact on security, as, in the context of a Satellite, no one is expected to have the ability to modify file names in the concerned directories. This is not considered as a vector for attack.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-15715"
},
{
"category": "external",
"summary": "RHBZ#1560614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-15715",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15715"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2018-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:55:17+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: \u003cFilesMatch\u003e bypass with a trailing newline in the file name"
},
{
"cve": "CVE-2018-0739",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1561266"
}
],
"notes": [
{
"category": "description",
"text": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-0739"
},
{
"category": "external",
"summary": "RHBZ#1561266",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561266"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0739",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0739"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20180327.txt",
"url": "https://www.openssl.org/news/secadv/20180327.txt"
}
],
"release_date": "2018-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:55:17+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service"
},
{
"cve": "CVE-2018-1283",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560395"
}
],
"notes": [
{
"category": "description",
"text": "It has been discovered that the mod_session module of Apache HTTP Server (httpd), through version 2.4.29, has an improper input validation flaw in the way it handles HTTP session headers in some configurations. A remote attacker may influence their content by using a \"Session\" header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include mod_session module.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1283"
},
{
"category": "external",
"summary": "RHBZ#1560395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560395"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1283"
}
],
"release_date": "2018-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:55:17+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications"
},
{
"cve": "CVE-2018-1301",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560643"
}
],
"notes": [
{
"category": "description",
"text": "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Out of bounds access after failure in reading the HTTP request",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1301"
},
{
"category": "external",
"summary": "RHBZ#1560643",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560643"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1301",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1301"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1301",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1301"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2018-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:55:17+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: Out of bounds access after failure in reading the HTTP request"
},
{
"cve": "CVE-2018-1302",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2018-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560625"
}
],
"notes": [
{
"category": "description",
"text": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Use-after-free on HTTP/2 stream shutdown",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1302"
},
{
"category": "external",
"summary": "RHBZ#1560625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560625"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1302",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1302"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1302",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1302"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2018-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:55:17+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: Use-after-free on HTTP/2 stream shutdown"
},
{
"cve": "CVE-2018-1303",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560399"
}
],
"notes": [
{
"category": "description",
"text": "A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The versions of httpd package shipped with Red Hat Enterprise Linux are by default configured in prefork MPM mode, which means that this flaw can result in a crash of child process. The main web server process will not be killed. Also, though the module is loaded by default, it needs to be specifically enabled in order to be exposed to the security flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1303"
},
{
"category": "external",
"summary": "RHBZ#1560399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560399"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1303",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1303"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1303",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1303"
}
],
"release_date": "2018-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:55:17+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS"
},
{
"cve": "CVE-2018-1312",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2018-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560634"
}
],
"notes": [
{
"category": "description",
"text": "In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Weak Digest auth nonce generation in mod_auth_digest",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The \"AuthType Digest\" directive is not enabled in the default httpd configuration as shipped with Red Hat Enterprise Linux, and needs to be explicitly enabled. Therefore this flaw has no impact on the default versions of the httpd package as shipped with Red Hat Enterprise Linux. Also upstream discourages the use of mod_auth_digest because of its inherent security weaknesses and recommends the use of mod_ssl.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1312"
},
{
"category": "external",
"summary": "RHBZ#1560634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560634"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1312",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1312"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1312",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1312"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2018-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:55:17+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: Weak Digest auth nonce generation in mod_auth_digest"
},
{
"cve": "CVE-2018-1333",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-07-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1605048"
}
],
"notes": [
{
"category": "description",
"text": "By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1333"
},
{
"category": "external",
"summary": "RHBZ#1605048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1605048"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1333",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1333"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1333",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1333"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333"
}
],
"release_date": "2018-07-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:55:17+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS"
},
{
"cve": "CVE-2018-11759",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2018-10-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1645589"
}
],
"notes": [
{
"category": "description",
"text": "The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_jk: connector path traversal due to mishandled HTTP requests in httpd",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-11759"
},
{
"category": "external",
"summary": "RHBZ#1645589",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645589"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-11759",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11759"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-11759",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11759"
}
],
"release_date": "2018-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:55:17+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mod_jk: connector path traversal due to mishandled HTTP requests in httpd"
},
{
"cve": "CVE-2018-11763",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-09-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1633399"
}
],
"notes": [
{
"category": "description",
"text": "In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: DoS for HTTP/2 connections by continuous SETTINGS frames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-11763"
},
{
"category": "external",
"summary": "RHBZ#1633399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633399"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-11763",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11763"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-11763",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11763"
}
],
"release_date": "2018-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:55:17+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: DoS for HTTP/2 connections by continuous SETTINGS frames"
},
{
"acknowledgments": [
{
"names": [
"the Nghttp2 project"
]
}
],
"cve": "CVE-2018-1000168",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2018-04-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1565035"
}
],
"notes": [
{
"category": "description",
"text": "nghttp2 version \u003e= 1.10.0 and nghttp2 \u003c= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in \u003e= 1.31.1.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nghttp2: Null pointer dereference when too large ALTSVC frame is received",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1000168"
},
{
"category": "external",
"summary": "RHBZ#1565035",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565035"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000168",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000168"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000168",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000168"
}
],
"release_date": "2018-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:55:17+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nghttp2: Null pointer dereference when too large ALTSVC frame is received"
}
]
}
rhsa-2019:0367
Vulnerability from csaf_redhat
Published
2019-02-18 16:58
Modified
2025-08-04 12:06
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update
Notes
Topic
An update is now available for JBoss Core Services on RHEL 6 and RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 1 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked to in the References section.
Security Fixes:
* httpd: DoS for HTTP/2 connections by continuous SETTINGS (CVE-2018-11763)
* httpd: Weak Digest auth nonce generation in mod_auth_digest
(CVE-2018-1312)
* httpd: Out of bound access after failure in reading the HTTP request
(CVE-2018-1301)
* httpd: Use-after-free on HTTP/2 stream shutdown (CVE-2018-1302)
* httpd: <FilesMatch> bypass with a trailing newline in the file name
(CVE-2017-15715)
* httpd: Out of bound write in mod_authnz_ldap when using too small
Accept-Language values (CVE-2017-15710)
* httpd: Out of bounds read in mod_cache_socache can allow a remote
attacker to cause a denial of service (CVE-2018-1303)
* httpd: Improper handling of headers in mod_session can allow a remote
user to modify session data for CGI applications (CVE-2018-1283)
* httpd: mod_http2: too much time allocated to workers, possibly leading to
DoS (CVE-2018-1333)
* mod_jk: connector path traversal due to mishandled HTTP requests in httpd
(CVE-2018-11759)
* nghttp2: Null pointer dereference when too large ALTSVC frame is received
(CVE-2018-1000168)
* openssl: Handling of crafted recursive ASN.1 structures can cause a stack
overflow and resulting denial of service (CVE-2018-0739)
Details around each issue, including information about the CVE, severity of
the issue, and the CVSS score, can be found on the CVE pages listed in the
Reference section below.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for JBoss Core Services on RHEL 6 and RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 1 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked to in the References section.\n\nSecurity Fixes:\n\n* httpd: DoS for HTTP/2 connections by continuous SETTINGS (CVE-2018-11763)\n\n* httpd: Weak Digest auth nonce generation in mod_auth_digest\n(CVE-2018-1312)\n\n* httpd: Out of bound access after failure in reading the HTTP request\n(CVE-2018-1301)\n\n* httpd: Use-after-free on HTTP/2 stream shutdown (CVE-2018-1302)\n\n* httpd: \u003cFilesMatch\u003e bypass with a trailing newline in the file name\n(CVE-2017-15715)\n\n* httpd: Out of bound write in mod_authnz_ldap when using too small\nAccept-Language values (CVE-2017-15710)\n\n* httpd: Out of bounds read in mod_cache_socache can allow a remote\nattacker to cause a denial of service (CVE-2018-1303)\n\n* httpd: Improper handling of headers in mod_session can allow a remote\nuser to modify session data for CGI applications (CVE-2018-1283)\n\n* httpd: mod_http2: too much time allocated to workers, possibly leading to\nDoS (CVE-2018-1333)\n\n* mod_jk: connector path traversal due to mishandled HTTP requests in httpd\n(CVE-2018-11759)\n\n* nghttp2: Null pointer dereference when too large ALTSVC frame is received\n(CVE-2018-1000168)\n\n* openssl: Handling of crafted recursive ASN.1 structures can cause a stack\noverflow and resulting denial of service (CVE-2018-0739)\n\nDetails around each issue, including information about the CVE, severity of\nthe issue, and the CVSS score, can be found on the CVE pages listed in the\nReference section below.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:0367",
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1560395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560395"
},
{
"category": "external",
"summary": "1560399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560399"
},
{
"category": "external",
"summary": "1560599",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560599"
},
{
"category": "external",
"summary": "1560614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560614"
},
{
"category": "external",
"summary": "1560625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560625"
},
{
"category": "external",
"summary": "1560634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560634"
},
{
"category": "external",
"summary": "1560643",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560643"
},
{
"category": "external",
"summary": "1561266",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561266"
},
{
"category": "external",
"summary": "1565035",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565035"
},
{
"category": "external",
"summary": "1605048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1605048"
},
{
"category": "external",
"summary": "1633399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633399"
},
{
"category": "external",
"summary": "1645589",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645589"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_0367.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update",
"tracking": {
"current_release_date": "2025-08-04T12:06:50+00:00",
"generator": {
"date": "2025-08-04T12:06:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2019:0367",
"initial_release_date": "2019-02-18T16:58:59+00:00",
"revision_history": [
{
"date": "2019-02-18T16:58:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-02-18T16:58:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-04T12:06:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Core Services on RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Core Services on RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-0:1-6.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-0:1-6.jbcs.el6.src",
"product_id": "jbcs-httpd24-0:1-6.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24@1-6.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"product_id": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-9.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"product_id": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-14.jbcs.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-3.redhat_2.jbcs.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"product_id": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-35.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"product_id": "jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.46-1.redhat_1.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-3.Final_redhat_2.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"product_id": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-31.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"product_id": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-24.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-0:1-6.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-0:1-6.jbcs.el7.src",
"product_id": "jbcs-httpd24-0:1-6.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24@1-6.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"product_id": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-9.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"product_id": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-14.jbcs.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-3.redhat_2.jbcs.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"product_id": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-35.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"product_id": "jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.46-1.redhat_1.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-3.Final_redhat_2.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"product_id": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-31.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"product_id": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-24.jbcs.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"product": {
"name": "jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"product_id": "jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24@1-6.jbcs.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"product": {
"name": "jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"product_id": "jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-runtime@1-6.jbcs.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"product": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"product_id": "jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.29-35.jbcs.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch",
"product": {
"name": "jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch",
"product_id": "jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-runtime@1-6.jbcs.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"product": {
"name": "jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"product_id": "jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24@1-6.jbcs.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"product": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"product_id": "jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.29-35.jbcs.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.29.0-9.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.29.0-9.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-9.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2n-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2n-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2n-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2n-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2n-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-3.redhat_2.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo@1.1.0-3.redhat_2.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.29-35.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-35.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.29-35.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.29-35.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.29-35.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.29-35.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.29-35.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.29-35.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.29-35.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.46-1.redhat_1.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.46-1.redhat_1.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.46-1.redhat_1.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.8-3.Final_redhat_2.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-3.Final_redhat_2.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-31.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-31.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-31.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-24.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-24.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-24.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-24.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-24.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-24.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-24.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-24.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-24.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-24.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.29.0-9.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.29.0-9.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-9.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2n-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2n-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2n-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2n-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2n-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-3.redhat_2.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo@1.1.0-3.redhat_2.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.29-35.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-35.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.29-35.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.29-35.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.29-35.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.29-35.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.29-35.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.29-35.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.29-35.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.46-1.redhat_1.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.46-1.redhat_1.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.46-1.redhat_1.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.8-3.Final_redhat_2.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-3.Final_redhat_2.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-31.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-31.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-31.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-24.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-24.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-24.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-24.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-24.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-24.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-24.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-24.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-24.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-24.jbcs.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.29.0-9.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"product_id": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.29.0-9.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"product_id": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-9.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2n-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2n-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2n-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2n-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2n-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-3.redhat_2.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo@1.1.0-3.redhat_2.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.29-35.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-35.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.29-35.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.29-35.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.29-35.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.29-35.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.29-35.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.29-35.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.29-35.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.46-1.redhat_1.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.46-1.redhat_1.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.46-1.redhat_1.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.8-3.Final_redhat_2.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-3.Final_redhat_2.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-31.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-31.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-31.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-24.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-24.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-24.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-24.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-24.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-24.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-24.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-24.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-24.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-24.jbcs.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-0:1-6.jbcs.el6.noarch as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch"
},
"product_reference": "jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-0:1-6.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-0:1-6.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch"
},
"product_reference": "jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch"
},
"product_reference": "jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-0:1-6.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch"
},
"product_reference": "jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-0:1-6.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-0:1-6.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch"
},
"product_reference": "jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
},
"product_reference": "jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch",
"relates_to_product_reference": "7Server-JBCS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-15710",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2018-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560599"
}
],
"notes": [
{
"category": "description",
"text": "In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user\u0027s credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, \u0027en-US\u0027 is truncated to \u0027en\u0027). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-15710"
},
{
"category": "external",
"summary": "RHBZ#1560599",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560599"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-15710",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15710"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2018-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:58:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values"
},
{
"cve": "CVE-2017-15715",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2018-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560614"
}
],
"notes": [
{
"category": "description",
"text": "In Apache httpd 2.4.0 to 2.4.29, the expression specified in \u003cFilesMatch\u003e could match \u0027$\u0027 to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: \u003cFilesMatch\u003e bypass with a trailing newline in the file name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The \"FilesMatch\" directive is not enabled in the default httpd configuration as shipped with Red Hat Enterprise Linux, and needs to be explicitly enabled. Therefore this flaw has no impact on the default versions of the httpd package as shipped with Red Hat Enterprise Linux.\n\nRed Hat Satellite 6 uses Red Hat Enterprise Linux 7\u0027s httpd package, and enables the \"FilesMatch\" directive. However, this is not believed to have an impact on security, as, in the context of a Satellite, no one is expected to have the ability to modify file names in the concerned directories. This is not considered as a vector for attack.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-15715"
},
{
"category": "external",
"summary": "RHBZ#1560614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-15715",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15715"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2018-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:58:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: \u003cFilesMatch\u003e bypass with a trailing newline in the file name"
},
{
"cve": "CVE-2018-0739",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1561266"
}
],
"notes": [
{
"category": "description",
"text": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-0739"
},
{
"category": "external",
"summary": "RHBZ#1561266",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561266"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0739",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0739"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20180327.txt",
"url": "https://www.openssl.org/news/secadv/20180327.txt"
}
],
"release_date": "2018-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:58:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service"
},
{
"cve": "CVE-2018-1283",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560395"
}
],
"notes": [
{
"category": "description",
"text": "It has been discovered that the mod_session module of Apache HTTP Server (httpd), through version 2.4.29, has an improper input validation flaw in the way it handles HTTP session headers in some configurations. A remote attacker may influence their content by using a \"Session\" header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include mod_session module.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1283"
},
{
"category": "external",
"summary": "RHBZ#1560395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560395"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1283"
}
],
"release_date": "2018-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:58:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications"
},
{
"cve": "CVE-2018-1301",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560643"
}
],
"notes": [
{
"category": "description",
"text": "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Out of bounds access after failure in reading the HTTP request",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1301"
},
{
"category": "external",
"summary": "RHBZ#1560643",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560643"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1301",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1301"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1301",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1301"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2018-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:58:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: Out of bounds access after failure in reading the HTTP request"
},
{
"cve": "CVE-2018-1302",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2018-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560625"
}
],
"notes": [
{
"category": "description",
"text": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Use-after-free on HTTP/2 stream shutdown",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1302"
},
{
"category": "external",
"summary": "RHBZ#1560625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560625"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1302",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1302"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1302",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1302"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2018-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:58:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: Use-after-free on HTTP/2 stream shutdown"
},
{
"cve": "CVE-2018-1303",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560399"
}
],
"notes": [
{
"category": "description",
"text": "A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The versions of httpd package shipped with Red Hat Enterprise Linux are by default configured in prefork MPM mode, which means that this flaw can result in a crash of child process. The main web server process will not be killed. Also, though the module is loaded by default, it needs to be specifically enabled in order to be exposed to the security flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1303"
},
{
"category": "external",
"summary": "RHBZ#1560399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560399"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1303",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1303"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1303",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1303"
}
],
"release_date": "2018-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:58:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS"
},
{
"cve": "CVE-2018-1312",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2018-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560634"
}
],
"notes": [
{
"category": "description",
"text": "In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Weak Digest auth nonce generation in mod_auth_digest",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The \"AuthType Digest\" directive is not enabled in the default httpd configuration as shipped with Red Hat Enterprise Linux, and needs to be explicitly enabled. Therefore this flaw has no impact on the default versions of the httpd package as shipped with Red Hat Enterprise Linux. Also upstream discourages the use of mod_auth_digest because of its inherent security weaknesses and recommends the use of mod_ssl.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1312"
},
{
"category": "external",
"summary": "RHBZ#1560634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560634"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1312",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1312"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1312",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1312"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2018-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:58:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: Weak Digest auth nonce generation in mod_auth_digest"
},
{
"cve": "CVE-2018-1333",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-07-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1605048"
}
],
"notes": [
{
"category": "description",
"text": "By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1333"
},
{
"category": "external",
"summary": "RHBZ#1605048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1605048"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1333",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1333"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1333",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1333"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333"
}
],
"release_date": "2018-07-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:58:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS"
},
{
"cve": "CVE-2018-11759",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2018-10-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1645589"
}
],
"notes": [
{
"category": "description",
"text": "The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_jk: connector path traversal due to mishandled HTTP requests in httpd",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-11759"
},
{
"category": "external",
"summary": "RHBZ#1645589",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645589"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-11759",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11759"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-11759",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11759"
}
],
"release_date": "2018-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:58:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mod_jk: connector path traversal due to mishandled HTTP requests in httpd"
},
{
"cve": "CVE-2018-11763",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-09-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1633399"
}
],
"notes": [
{
"category": "description",
"text": "In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: DoS for HTTP/2 connections by continuous SETTINGS frames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-11763"
},
{
"category": "external",
"summary": "RHBZ#1633399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633399"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-11763",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11763"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-11763",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11763"
}
],
"release_date": "2018-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:58:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: DoS for HTTP/2 connections by continuous SETTINGS frames"
},
{
"acknowledgments": [
{
"names": [
"the Nghttp2 project"
]
}
],
"cve": "CVE-2018-1000168",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2018-04-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1565035"
}
],
"notes": [
{
"category": "description",
"text": "nghttp2 version \u003e= 1.10.0 and nghttp2 \u003c= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in \u003e= 1.31.1.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nghttp2: Null pointer dereference when too large ALTSVC frame is received",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1000168"
},
{
"category": "external",
"summary": "RHBZ#1565035",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565035"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000168",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000168"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000168",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000168"
}
],
"release_date": "2018-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:58:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nghttp2: Null pointer dereference when too large ALTSVC frame is received"
}
]
}
wid-sec-w-2023-2984
Vulnerability from csaf_certbund
Published
2018-10-31 23:00
Modified
2023-11-21 23:00
Summary
Apache Tomcat JK Connector: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Apache Tomcat ist ein Web-Applikationsserver für verschiedene Plattformen.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Tomcat JK Connector ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apache Tomcat ist ein Web-Applikationsserver f\u00fcr verschiedene Plattformen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Tomcat JK Connector ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2984 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2018/wid-sec-w-2023-2984.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2984 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2984"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4513-1 vom 2023-11-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017156.html"
},
{
"category": "external",
"summary": "Apache Tomcat Security Site vom 2018-10-31",
"url": "http://tomcat.apache.org/security-jk.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:3963-1 vom 2018-12-04",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183963-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:3969-1 vom 2018-12-04",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183969-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:3970-1 vom 2018-12-04",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183970-1.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4357 vom 2018-12-21",
"url": "https://www.debian.org/security/2018/dsa-4357"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:0367 vom 2019-02-18",
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:0366 vom 2019-02-18",
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:3963-2 vom 2019-06-03",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20183963-2.html"
}
],
"source_lang": "en-US",
"title": "Apache Tomcat JK Connector: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2023-11-21T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:01:57.442+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2984",
"initial_release_date": "2018-10-31T23:00:00.000+00:00",
"revision_history": [
{
"date": "2018-10-31T23:00:00.000+00:00",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2018-12-03T23:00:00.000+00:00",
"number": "2",
"summary": "New remediations available"
},
{
"date": "2018-12-20T23:00:00.000+00:00",
"number": "3",
"summary": "New remediations available"
},
{
"date": "2019-02-18T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-06-02T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-11-21T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Apache Tomcat JK Connector 1.2.46",
"product": {
"name": "Apache Tomcat JK Connector 1.2.46",
"product_id": "T013030",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:jk_connector_1.2.46"
}
}
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-11759",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Apache Tomcat JK Connector. Unter bestimmten Umst\u00e4nden werden Anfragen nicht ordnungsgem\u00e4\u00df verarbeitet. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um durch das Senden speziell bearbeiteter Anfragen Sicherheitsrestriktionen zu umgehen und unberechtigte Zugriffe zu erhalten."
}
],
"product_status": {
"known_affected": [
"T013030",
"2951",
"T002207",
"67646"
]
},
"release_date": "2018-10-31T23:00:00.000+00:00",
"title": "CVE-2018-11759"
}
]
}
fkie_cve-2018-11759
Vulnerability from fkie_nvd
Published
2018-10-31 20:29
Modified
2024-11-21 03:43
Severity ?
Summary
The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.securityfocus.com/bid/105888 | Third Party Advisory, VDB Entry | |
| security@apache.org | https://access.redhat.com/errata/RHSA-2019:0366 | Third Party Advisory | |
| security@apache.org | https://access.redhat.com/errata/RHSA-2019:0367 | Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad%40%3Cannounce.tomcat.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E | ||
| security@apache.org | https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html | Mailing List, Third Party Advisory | |
| security@apache.org | https://www.debian.org/security/2018/dsa-4357 | Third Party Advisory | |
| security@apache.org | https://www.oracle.com/security-alerts/cpujan2020.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105888 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0366 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0367 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad%40%3Cannounce.tomcat.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4357 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2020.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | tomcat_jk_connector | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| redhat | jboss_core_services | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat_jk_connector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E321BC2-1C72-4FCE-B931-E4D00B313C17",
"versionEndIncluding": "1.2.44",
"versionStartIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B453CF7-9AA6-4B94-A003-BF7AE0B82F53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical."
},
{
"lang": "es",
"value": "El c\u00f3digo espec\u00edfico de Apache Web Server (httpd) que normalizaba la ruta antes de compararla con el mapa URI-worker en Apache Tomcat JK (mod_jk) Connector, desde la versi\u00f3n 1.2.0 hasta la 1.2.44, no gestionaba correctamente algunos casos extremos. Si solo un subconjunto de las URL soportadas por Tomcat estuviese expuesto mediante httpd, una petici\u00f3n especialmente construida podr\u00eda exponer funcionalidades de la aplicaci\u00f3n mediante el proxy inverso que no estaba pensado para que los clientes accediesen a la aplicaci\u00f3n a trav\u00e9s de \u00e9l. En algunas configuraciones, tambi\u00e9n era posible que una petici\u00f3n especialmente construida omita los controles de acceso configurados en htttpd. Aunque existe cierto solapamiento entre este problema y CVE-2018-1323, no son id\u00e9nticos."
}
],
"id": "CVE-2018-11759",
"lastModified": "2024-11-21T03:43:58.277",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-31T20:29:00.293",
"references": [
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105888"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad%40%3Cannounce.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4357"
},
{
"source": "security@apache.org",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad%40%3Cannounce.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…