Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-8740 (GCVE-0-2016-8740)
Vulnerability from cvelistv5
Published
2016-12-05 19:00
Modified
2024-08-06 02:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Version: 2.4.17 - 2.4.23 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:34:59.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/apache/httpd/commit/29c63b786ae028d82405421585e91283c8fa0da3"
},
{
"name": "1037388",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037388"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/140023/Apache-HTTPD-Web-Server-2.4.23-Memory-Exhaustion.html"
},
{
"name": "RHSA-2017:1413",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"name": "RHSA-2017:1161",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1161"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2017-04"
},
{
"name": "RHSA-2017:1414",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
},
{
"name": "40909",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40909/"
},
{
"name": "RHSA-2017:1415",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"name": "94650",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94650"
},
{
"name": "GLSA-201701-36",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-36"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180423-0001/"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "2.4.17 - 2.4.23"
}
]
}
],
"datePublic": "2016-12-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-06T10:10:54",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/apache/httpd/commit/29c63b786ae028d82405421585e91283c8fa0da3"
},
{
"name": "1037388",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037388"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/140023/Apache-HTTPD-Web-Server-2.4.23-Memory-Exhaustion.html"
},
{
"name": "RHSA-2017:1413",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"name": "RHSA-2017:1161",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1161"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2017-04"
},
{
"name": "RHSA-2017:1414",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
},
{
"name": "40909",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40909/"
},
{
"name": "RHSA-2017:1415",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"name": "94650",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94650"
},
{
"name": "GLSA-201701-36",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-36"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180423-0001/"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2016-8740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value": "2.4.17 - 2.4.23"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208221"
},
{
"name": "https://github.com/apache/httpd/commit/29c63b786ae028d82405421585e91283c8fa0da3",
"refsource": "CONFIRM",
"url": "https://github.com/apache/httpd/commit/29c63b786ae028d82405421585e91283c8fa0da3"
},
{
"name": "1037388",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037388"
},
{
"name": "http://packetstormsecurity.com/files/140023/Apache-HTTPD-Web-Server-2.4.23-Memory-Exhaustion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/140023/Apache-HTTPD-Web-Server-2.4.23-Memory-Exhaustion.html"
},
{
"name": "RHSA-2017:1413",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"name": "RHSA-2017:1161",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1161"
},
{
"name": "https://www.tenable.com/security/tns-2017-04",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2017-04"
},
{
"name": "RHSA-2017:1414",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
},
{
"name": "40909",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40909/"
},
{
"name": "RHSA-2017:1415",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"name": "94650",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94650"
},
{
"name": "GLSA-201701-36",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-36"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180423-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180423-0001/"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2016-8740",
"datePublished": "2016-12-05T19:00:00",
"dateReserved": "2016-10-18T00:00:00",
"dateUpdated": "2024-08-06T02:34:59.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2016-8740\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2016-12-05T19:59:00.250\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.\"},{\"lang\":\"es\",\"value\":\"El m\u00f3dulo mod_http2 en el Apache HTTP Server 2.4.17 hasta la versi\u00f3n 2.4.23, cuando la configuraci\u00f3n Protocols incluye h2 o h2c, no restringe la longitud de la cabecera de petici\u00f3n, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de marcos CONTINUATION manipulados en una petici\u00f3n HTTP/2.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1F45B27-504B-4202-87B8-BD3B094003F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2FB2B98-DFD2-420A-8A7F-9B288651242F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AE538EE-7152-4DB5-AE45-614494CB7B95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B803D25B-0A19-4569-BA05-09D58F33917C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE253E49-9A56-49C8-B1D8-E23BB3D5D1D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE5A73E5-1A04-420B-92B2-B90FD970005C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8510442C-212F-4013-85FA-E0AB59F6F2C6\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/140023/Apache-HTTPD-Web-Server-2.4.23-Memory-Exhaustion.html\",\"source\":\"security@apache.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-1415.html\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.securityfocus.com/bid/94650\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037388\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1161\",\"source\":\"security@apache.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1413\",\"source\":\"security@apache.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1414\",\"source\":\"security@apache.org\"},{\"url\":\"https://github.com/apache/httpd/commit/29c63b786ae028d82405421585e91283c8fa0da3\",\"source\":\"security@apache.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://security.gentoo.org/glsa/201701-36\",\"source\":\"security@apache.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20180423-0001/\",\"source\":\"security@apache.org\"},{\"url\":\"https://support.apple.com/HT208221\",\"source\":\"security@apache.org\"},{\"url\":\"https://www.exploit-db.com/exploits/40909/\",\"source\":\"security@apache.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.tenable.com/security/tns-2017-04\",\"source\":\"security@apache.org\"},{\"url\":\"http://packetstormsecurity.com/files/140023/Apache-HTTPD-Web-Server-2.4.23-Memory-Exhaustion.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-1415.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/94650\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037388\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1161\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1413\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1414\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/apache/httpd/commit/29c63b786ae028d82405421585e91283c8fa0da3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201701-36\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20180423-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT208221\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/40909/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.tenable.com/security/tns-2017-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
gsd-2016-8740
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-8740",
"description": "The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.",
"id": "GSD-2016-8740",
"references": [
"https://www.suse.com/security/cve/CVE-2016-8740.html",
"https://access.redhat.com/errata/RHSA-2017:1415",
"https://access.redhat.com/errata/RHSA-2017:1414",
"https://access.redhat.com/errata/RHSA-2017:1413",
"https://access.redhat.com/errata/RHSA-2017:1161"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-8740"
],
"details": "The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.",
"id": "GSD-2016-8740",
"modified": "2023-12-13T01:21:22.457115Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2016-8740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value": "2.4.17 - 2.4.23"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208221"
},
{
"name": "https://github.com/apache/httpd/commit/29c63b786ae028d82405421585e91283c8fa0da3",
"refsource": "CONFIRM",
"url": "https://github.com/apache/httpd/commit/29c63b786ae028d82405421585e91283c8fa0da3"
},
{
"name": "1037388",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037388"
},
{
"name": "http://packetstormsecurity.com/files/140023/Apache-HTTPD-Web-Server-2.4.23-Memory-Exhaustion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/140023/Apache-HTTPD-Web-Server-2.4.23-Memory-Exhaustion.html"
},
{
"name": "RHSA-2017:1413",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"name": "RHSA-2017:1161",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1161"
},
{
"name": "https://www.tenable.com/security/tns-2017-04",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2017-04"
},
{
"name": "RHSA-2017:1414",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
},
{
"name": "40909",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40909/"
},
{
"name": "RHSA-2017:1415",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"name": "94650",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94650"
},
{
"name": "GLSA-201701-36",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-36"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180423-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180423-0001/"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2016-8740"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apache/httpd/commit/29c63b786ae028d82405421585e91283c8fa0da3",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/apache/httpd/commit/29c63b786ae028d82405421585e91283c8fa0da3"
},
{
"name": "94650",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94650"
},
{
"name": "40909",
"refsource": "EXPLOIT-DB",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40909/"
},
{
"name": "1037388",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037388"
},
{
"name": "http://packetstormsecurity.com/files/140023/Apache-HTTPD-Web-Server-2.4.23-Memory-Exhaustion.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/140023/Apache-HTTPD-Web-Server-2.4.23-Memory-Exhaustion.html"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us",
"refsource": "CONFIRM",
"tags": [],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
},
{
"name": "GLSA-201701-36",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/201701-36"
},
{
"name": "https://www.tenable.com/security/tns-2017-04",
"refsource": "CONFIRM",
"tags": [],
"url": "https://www.tenable.com/security/tns-2017-04"
},
{
"name": "https://support.apple.com/HT208221",
"refsource": "CONFIRM",
"tags": [],
"url": "https://support.apple.com/HT208221"
},
{
"name": "RHSA-2017:1414",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"name": "RHSA-2017:1413",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"name": "RHSA-2017:1161",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2017:1161"
},
{
"name": "RHSA-2017:1415",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180423-0001/",
"refsource": "CONFIRM",
"tags": [],
"url": "https://security.netapp.com/advisory/ntap-20180423-0001/"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2021-06-06T11:15Z",
"publishedDate": "2016-12-05T19:59Z"
}
}
}
rhsa-2017:1415
Vulnerability from csaf_redhat
Published
2017-06-07 17:43
Modified
2025-08-04 11:55
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1
Notes
Topic
An update is now available for Red Hat JBoss Core Services.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304)
* It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. (CVE-2016-0736)
* It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication. (CVE-2016-2161)
* A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys. (CVE-2016-7056)
* A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610)
* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)
* A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash. (CVE-2016-8740)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Core Services.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304)\n\n* It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user\u0027s browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. (CVE-2016-0736)\n\n* It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication. (CVE-2016-2161)\n\n* A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys. (CVE-2016-7056)\n\n* A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610)\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\n* A vulnerability was found in httpd\u0027s handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server\u0027s available memory, causing httpd to crash. (CVE-2016-8740)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:1415",
"url": "https://access.redhat.com/errata/RHSA-2017:1415"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp\u0026downloadType=securityPatches\u0026version=2.4.23",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp\u0026downloadType=securityPatches\u0026version=2.4.23"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/"
},
{
"category": "external",
"summary": "1377600",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377600"
},
{
"category": "external",
"summary": "1384743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384743"
},
{
"category": "external",
"summary": "1401528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401528"
},
{
"category": "external",
"summary": "1406744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406744"
},
{
"category": "external",
"summary": "1406753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406753"
},
{
"category": "external",
"summary": "1406822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406822"
},
{
"category": "external",
"summary": "1412120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412120"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1415.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1",
"tracking": {
"current_release_date": "2025-08-04T11:55:43+00:00",
"generator": {
"date": "2025-08-04T11:55:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2017:1415",
"initial_release_date": "2017-06-07T17:43:43+00:00",
"revision_history": [
{
"date": "2017-06-07T17:43:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-06-07T17:43:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-04T11:55:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Text-Only JBCS",
"product": {
"name": "Text-Only JBCS",
"product_id": "Text-Only JBCS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-0736",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2016-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1406744"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user\u0027s browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Padding Oracle in Apache mod_session_crypto",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0736"
},
{
"category": "external",
"summary": "RHBZ#1406744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406744"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0736",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0736"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0736",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0736"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25"
},
{
"category": "external",
"summary": "https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt",
"url": "https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt"
}
],
"release_date": "2016-12-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-07T17:43:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1415"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Padding Oracle in Apache mod_session_crypto"
},
{
"cve": "CVE-2016-2161",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1406753"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: DoS vulnerability in mod_auth_digest",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2161"
},
{
"category": "external",
"summary": "RHBZ#1406753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406753"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2161"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2161",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2161"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25"
}
],
"release_date": "2016-12-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-07T17:43:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1415"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: DoS vulnerability in mod_auth_digest"
},
{
"acknowledgments": [
{
"names": [
"the OpenSSL project"
]
},
{
"names": [
"Shi Lei"
],
"organization": "Gear Team of Qihoo 360 Inc.",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-6304",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2016-09-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1377600"
}
],
"notes": [
{
"category": "description",
"text": "A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OCSP Status Request extension unbounded memory growth",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "TLS server applications using OpenSSL versions in Red Hat Enterprise Linux 6 and 7 are only affected if they enable OCSP stapling support. Applications not enabling OCSP stapling support are not affected. Few applications implement OCSP stapling support and typically do not enable it by default.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6304"
},
{
"category": "external",
"summary": "RHBZ#1377600",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377600"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6304",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6304"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6304",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6304"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20160922.txt",
"url": "https://www.openssl.org/news/secadv/20160922.txt"
}
],
"release_date": "2016-09-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-07T17:43:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1415"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: OCSP Status Request extension unbounded memory growth"
},
{
"cve": "CVE-2016-7056",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2017-01-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1412120"
}
],
"notes": [
{
"category": "description",
"text": "A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: ECDSA P-256 timing attack key recovery",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In order to exploit this flaw, the attacker needs to be have local (shell) access to the machine where the message is being signed using the ECDSA algorithm with a P-256 elliptic curve key. Then using cache timing attacks (which needs precise timing), on multiple signature runs, the private key could be obtained. Based on the factor that exploitation is difficult, Red Hat Product Security Team has rated this flaw as having Moderate impact. A further security release may address this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-7056"
},
{
"category": "external",
"summary": "RHBZ#1412120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-7056",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7056"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7056",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7056"
}
],
"release_date": "2017-01-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-07T17:43:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1415"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: ECDSA P-256 timing attack key recovery"
},
{
"acknowledgments": [
{
"names": [
"Shi Lei"
],
"organization": "Gear Team of Qihoo 360 Inc."
}
],
"cve": "CVE-2016-8610",
"discovery_date": "2016-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that are compiled against OpenSSL or GnuTLS and do not allocate an extra thread for processing ClientHello messages. Nginx is affected by this issue; Apache httpd is not affected by this issue. This issue has been rated as having a security impact of Moderate. It requires an attacker to send a very large amount of SSL ALERT messages to the host network connection. This issue can also be mitigated by configuring firewalls to limit the number of connections per IP address, or use deep packet inspection to reject these type of alert packets. A future update may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8610"
},
{
"category": "external",
"summary": "RHBZ#1384743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8610",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8610"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8610",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8610"
},
{
"category": "external",
"summary": "http://security.360.cn/cve/CVE-2016-8610",
"url": "http://security.360.cn/cve/CVE-2016-8610"
}
],
"release_date": "2016-10-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-07T17:43:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1415"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS"
},
{
"cve": "CVE-2016-8740",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2016-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1401528"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in httpd\u0027s handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server\u0027s available memory, causing httpd to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Incomplete handling of LimitRequestFields directive in mod_http2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having Low security\nimpact. This issue is not currently planned to be addressed in future\nupdates. For additional information, refer to the Issue Severity\nClassification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8740"
},
{
"category": "external",
"summary": "RHBZ#1401528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8740"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Dec/3",
"url": "http://seclists.org/bugtraq/2016/Dec/3"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2016-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-07T17:43:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1415"
},
{
"category": "workaround",
"details": "As a temporary workaround - HTTP/2 can be disabled by changing\nthe configuration by removing h2 and h2c from the Protocols\nline(s) in the configuration file. \n\nThe resulting line should read:\n\n\t\tProtocols http/1.1",
"product_ids": [
"Text-Only JBCS"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: Incomplete handling of LimitRequestFields directive in mod_http2"
},
{
"cve": "CVE-2016-8743",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1406822"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Apache HTTP Request Parsing Whitespace Defects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8743"
},
{
"category": "external",
"summary": "RHBZ#1406822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8743"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8743",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8743"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25"
}
],
"release_date": "2016-12-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-07T17:43:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1415"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Apache HTTP Request Parsing Whitespace Defects"
}
]
}
rhsa-2017:1413
Vulnerability from csaf_redhat
Published
2017-06-07 17:54
Modified
2025-08-04 11:55
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 7
Notes
Topic
An update is now available for Red Hat JBoss Core Services on RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304)
* It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. (CVE-2016-0736)
* It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication. (CVE-2016-2161)
* A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys. (CVE-2016-7056)
* A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610)
* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)
* A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash. (CVE-2016-8740)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Core Services on RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304)\n\n* It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user\u0027s browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. (CVE-2016-0736)\n\n* It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication. (CVE-2016-2161)\n\n* A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys. (CVE-2016-7056)\n\n* A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610)\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\n* A vulnerability was found in httpd\u0027s handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server\u0027s available memory, causing httpd to crash. (CVE-2016-8740)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:1413",
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/"
},
{
"category": "external",
"summary": "1377600",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377600"
},
{
"category": "external",
"summary": "1384743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384743"
},
{
"category": "external",
"summary": "1401528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401528"
},
{
"category": "external",
"summary": "1406744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406744"
},
{
"category": "external",
"summary": "1406753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406753"
},
{
"category": "external",
"summary": "1406822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406822"
},
{
"category": "external",
"summary": "1412120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412120"
},
{
"category": "external",
"summary": "JBCS-319",
"url": "https://issues.redhat.com/browse/JBCS-319"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1413.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 7",
"tracking": {
"current_release_date": "2025-08-04T11:55:33+00:00",
"generator": {
"date": "2025-08-04T11:55:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2017:1413",
"initial_release_date": "2017-06-07T17:54:35+00:00",
"revision_history": [
{
"date": "2017-06-07T17:54:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-06-07T17:54:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-04T11:55:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Core Services on RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-13.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-13.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-13.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-13.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-13.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-13.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-19.GA.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.1-19.GA.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.23-120.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.23-120.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-libs@2.4.23-120.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.23-120.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.23-120.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.23-120.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.23-120.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.23-120.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.23-120.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.23-120.jbcs.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src",
"product_id": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-13.jbcs.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src",
"product_id": "jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-19.GA.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src",
"product_id": "jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.23-120.jbcs.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch",
"product": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch",
"product_id": "jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.23-120.jbcs.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch"
},
"product_reference": "jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-0736",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2016-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1406744"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user\u0027s browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Padding Oracle in Apache mod_session_crypto",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0736"
},
{
"category": "external",
"summary": "RHBZ#1406744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406744"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0736",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0736"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0736",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0736"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25"
},
{
"category": "external",
"summary": "https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt",
"url": "https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt"
}
],
"release_date": "2016-12-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-07T17:54:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Padding Oracle in Apache mod_session_crypto"
},
{
"cve": "CVE-2016-2161",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1406753"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: DoS vulnerability in mod_auth_digest",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2161"
},
{
"category": "external",
"summary": "RHBZ#1406753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406753"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2161"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2161",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2161"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25"
}
],
"release_date": "2016-12-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-07T17:54:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: DoS vulnerability in mod_auth_digest"
},
{
"acknowledgments": [
{
"names": [
"the OpenSSL project"
]
},
{
"names": [
"Shi Lei"
],
"organization": "Gear Team of Qihoo 360 Inc.",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-6304",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2016-09-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1377600"
}
],
"notes": [
{
"category": "description",
"text": "A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OCSP Status Request extension unbounded memory growth",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "TLS server applications using OpenSSL versions in Red Hat Enterprise Linux 6 and 7 are only affected if they enable OCSP stapling support. Applications not enabling OCSP stapling support are not affected. Few applications implement OCSP stapling support and typically do not enable it by default.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6304"
},
{
"category": "external",
"summary": "RHBZ#1377600",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377600"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6304",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6304"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6304",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6304"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20160922.txt",
"url": "https://www.openssl.org/news/secadv/20160922.txt"
}
],
"release_date": "2016-09-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-07T17:54:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: OCSP Status Request extension unbounded memory growth"
},
{
"cve": "CVE-2016-7056",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2017-01-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1412120"
}
],
"notes": [
{
"category": "description",
"text": "A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: ECDSA P-256 timing attack key recovery",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In order to exploit this flaw, the attacker needs to be have local (shell) access to the machine where the message is being signed using the ECDSA algorithm with a P-256 elliptic curve key. Then using cache timing attacks (which needs precise timing), on multiple signature runs, the private key could be obtained. Based on the factor that exploitation is difficult, Red Hat Product Security Team has rated this flaw as having Moderate impact. A further security release may address this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-7056"
},
{
"category": "external",
"summary": "RHBZ#1412120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-7056",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7056"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7056",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7056"
}
],
"release_date": "2017-01-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-07T17:54:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: ECDSA P-256 timing attack key recovery"
},
{
"acknowledgments": [
{
"names": [
"Shi Lei"
],
"organization": "Gear Team of Qihoo 360 Inc."
}
],
"cve": "CVE-2016-8610",
"discovery_date": "2016-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that are compiled against OpenSSL or GnuTLS and do not allocate an extra thread for processing ClientHello messages. Nginx is affected by this issue; Apache httpd is not affected by this issue. This issue has been rated as having a security impact of Moderate. It requires an attacker to send a very large amount of SSL ALERT messages to the host network connection. This issue can also be mitigated by configuring firewalls to limit the number of connections per IP address, or use deep packet inspection to reject these type of alert packets. A future update may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8610"
},
{
"category": "external",
"summary": "RHBZ#1384743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8610",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8610"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8610",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8610"
},
{
"category": "external",
"summary": "http://security.360.cn/cve/CVE-2016-8610",
"url": "http://security.360.cn/cve/CVE-2016-8610"
}
],
"release_date": "2016-10-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-07T17:54:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS"
},
{
"cve": "CVE-2016-8740",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2016-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1401528"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in httpd\u0027s handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server\u0027s available memory, causing httpd to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Incomplete handling of LimitRequestFields directive in mod_http2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having Low security\nimpact. This issue is not currently planned to be addressed in future\nupdates. For additional information, refer to the Issue Severity\nClassification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8740"
},
{
"category": "external",
"summary": "RHBZ#1401528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8740"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Dec/3",
"url": "http://seclists.org/bugtraq/2016/Dec/3"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2016-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-07T17:54:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"category": "workaround",
"details": "As a temporary workaround - HTTP/2 can be disabled by changing\nthe configuration by removing h2 and h2c from the Protocols\nline(s) in the configuration file. \n\nThe resulting line should read:\n\n\t\tProtocols http/1.1",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: Incomplete handling of LimitRequestFields directive in mod_http2"
},
{
"cve": "CVE-2016-8743",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1406822"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Apache HTTP Request Parsing Whitespace Defects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8743"
},
{
"category": "external",
"summary": "RHBZ#1406822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8743"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8743",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8743"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25"
}
],
"release_date": "2016-12-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-07T17:54:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Apache HTTP Request Parsing Whitespace Defects"
}
]
}
rhsa-2017:1161
Vulnerability from csaf_redhat
Published
2017-04-26 10:19
Modified
2025-08-04 11:55
Summary
Red Hat Security Advisory: httpd24-httpd security, bug fix, and enhancement update
Notes
Topic
Updated httpd24 packages are now available as a part of Red Hat Software Collections 2.4 for Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module.
The httpd24 Software Collection has been upgraded to version 2.4.25, which provides a number of bug fixes and enhancements over the previous version. For detailed changes, see the Red Hat Software Collections 2.4 Release Notes linked from the References section. (BZ#1404778)
Security Fix(es):
* It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. (CVE-2016-0736)
* A denial of service flaw was found in httpd's mod_http2 module. A remote attacker could use this flaw to block server threads for long times, causing starvation of worker threads, by manipulating the flow control windows on streams. (CVE-2016-1546)
* It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication. (CVE-2016-2161)
* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)
Note: The fix for the CVE-2016-8743 issue causes httpd to return "400 Bad Request" error to HTTP clients which do not strictly follow HTTP protocol specification. A newly introduced configuration directive "HttpProtocolOptions Unsafe" can be used to re-enable the old less strict parsing. However, such setting also re-introduces the CVE-2016-8743 issue.
* A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash. (CVE-2016-8740)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated httpd24 packages are now available as a part of Red Hat Software Collections 2.4 for Red Hat Enterprise Linux.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module.\n\nThe httpd24 Software Collection has been upgraded to version 2.4.25, which provides a number of bug fixes and enhancements over the previous version. For detailed changes, see the Red Hat Software Collections 2.4 Release Notes linked from the References section. (BZ#1404778)\n\nSecurity Fix(es):\n\n* It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user\u0027s browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. (CVE-2016-0736)\n\n* A denial of service flaw was found in httpd\u0027s mod_http2 module. A remote attacker could use this flaw to block server threads for long times, causing starvation of worker threads, by manipulating the flow control windows on streams. (CVE-2016-1546)\n\n* It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication. (CVE-2016-2161)\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\nNote: The fix for the CVE-2016-8743 issue causes httpd to return \"400 Bad Request\" error to HTTP clients which do not strictly follow HTTP protocol specification. A newly introduced configuration directive \"HttpProtocolOptions Unsafe\" can be used to re-enable the old less strict parsing. However, such setting also re-introduces the CVE-2016-8743 issue.\n\n* A vulnerability was found in httpd\u0027s handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server\u0027s available memory, causing httpd to crash. (CVE-2016-8740)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:1161",
"url": "https://access.redhat.com/errata/RHSA-2017:1161"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-US/Red_Hat_Software_Collections/2/html/2.4_Release_Notes/chap-RHSCL.html#sect-RHSCL-Changes-httpd",
"url": "https://access.redhat.com/documentation/en-US/Red_Hat_Software_Collections/2/html/2.4_Release_Notes/chap-RHSCL.html#sect-RHSCL-Changes-httpd"
},
{
"category": "external",
"summary": "1329639",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329639"
},
{
"category": "external",
"summary": "1335616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335616"
},
{
"category": "external",
"summary": "1336350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1336350"
},
{
"category": "external",
"summary": "1401528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401528"
},
{
"category": "external",
"summary": "1406744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406744"
},
{
"category": "external",
"summary": "1406753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406753"
},
{
"category": "external",
"summary": "1406822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406822"
},
{
"category": "external",
"summary": "1414037",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414037"
},
{
"category": "external",
"summary": "1432249",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432249"
},
{
"category": "external",
"summary": "1433474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1433474"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1161.json"
}
],
"title": "Red Hat Security Advisory: httpd24-httpd security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-08-04T11:55:01+00:00",
"generator": {
"date": "2025-08-04T11:55:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2017:1161",
"initial_release_date": "2017-04-26T10:19:21+00:00",
"revision_history": [
{
"date": "2017-04-26T10:19:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-04-26T10:19:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-04T11:55:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.4-6.7.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-2.4-7.3.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"product": {
"name": "httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"product_id": "httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd-manual@2.4.25-9.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"product": {
"name": "httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"product_id": "httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd-manual@2.4.25-9.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"product": {
"name": "httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"product_id": "httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_ssl@2.4.25-9.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"product": {
"name": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"product_id": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd-debuginfo@2.4.25-9.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"product": {
"name": "httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"product_id": "httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_session@2.4.25-9.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"product": {
"name": "httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"product_id": "httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_proxy_html@2.4.25-9.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"product": {
"name": "httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"product_id": "httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_ldap@2.4.25-9.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-0:2.4.25-9.el6.x86_64",
"product": {
"name": "httpd24-httpd-0:2.4.25-9.el6.x86_64",
"product_id": "httpd24-httpd-0:2.4.25-9.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd@2.4.25-9.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"product": {
"name": "httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"product_id": "httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd-devel@2.4.25-9.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"product": {
"name": "httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"product_id": "httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd-tools@2.4.25-9.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"product": {
"name": "httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"product_id": "httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_ssl@2.4.25-9.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"product": {
"name": "httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"product_id": "httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_session@2.4.25-9.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"product": {
"name": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"product_id": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd-debuginfo@2.4.25-9.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"product": {
"name": "httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"product_id": "httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_proxy_html@2.4.25-9.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"product": {
"name": "httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"product_id": "httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-mod_ldap@2.4.25-9.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-0:2.4.25-9.el7.x86_64",
"product": {
"name": "httpd24-httpd-0:2.4.25-9.el7.x86_64",
"product_id": "httpd24-httpd-0:2.4.25-9.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd@2.4.25-9.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"product": {
"name": "httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"product_id": "httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd-devel@2.4.25-9.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"product": {
"name": "httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"product_id": "httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd-tools@2.4.25-9.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd24-httpd-0:2.4.25-9.el6.src",
"product": {
"name": "httpd24-httpd-0:2.4.25-9.el6.src",
"product_id": "httpd24-httpd-0:2.4.25-9.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd@2.4.25-9.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "httpd24-httpd-0:2.4.25-9.el7.src",
"product": {
"name": "httpd24-httpd-0:2.4.25-9.el7.src",
"product_id": "httpd24-httpd-0:2.4.25-9.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd24-httpd@2.4.25-9.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.25-9.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src"
},
"product_reference": "httpd24-httpd-0:2.4.25-9.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64"
},
"product_reference": "httpd24-httpd-0:2.4.25-9.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64"
},
"product_reference": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-devel-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64"
},
"product_reference": "httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-manual-0:2.4.25-9.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch"
},
"product_reference": "httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-tools-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64"
},
"product_reference": "httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ldap-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64"
},
"product_reference": "httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64"
},
"product_reference": "httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_session-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64"
},
"product_reference": "httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ssl-1:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64"
},
"product_reference": "httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.25-9.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src"
},
"product_reference": "httpd24-httpd-0:2.4.25-9.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64"
},
"product_reference": "httpd24-httpd-0:2.4.25-9.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64"
},
"product_reference": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-devel-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64"
},
"product_reference": "httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-manual-0:2.4.25-9.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch"
},
"product_reference": "httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-tools-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64"
},
"product_reference": "httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ldap-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64"
},
"product_reference": "httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64"
},
"product_reference": "httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_session-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64"
},
"product_reference": "httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ssl-1:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64"
},
"product_reference": "httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"relates_to_product_reference": "6Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.25-9.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src"
},
"product_reference": "httpd24-httpd-0:2.4.25-9.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64"
},
"product_reference": "httpd24-httpd-0:2.4.25-9.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64"
},
"product_reference": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-devel-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64"
},
"product_reference": "httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-manual-0:2.4.25-9.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch"
},
"product_reference": "httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-tools-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64"
},
"product_reference": "httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ldap-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64"
},
"product_reference": "httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64"
},
"product_reference": "httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_session-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64"
},
"product_reference": "httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ssl-1:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64"
},
"product_reference": "httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"relates_to_product_reference": "6Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.25-9.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src"
},
"product_reference": "httpd24-httpd-0:2.4.25-9.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64"
},
"product_reference": "httpd24-httpd-0:2.4.25-9.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64"
},
"product_reference": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-devel-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64"
},
"product_reference": "httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-manual-0:2.4.25-9.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch"
},
"product_reference": "httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-tools-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64"
},
"product_reference": "httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ldap-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64"
},
"product_reference": "httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64"
},
"product_reference": "httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_session-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64"
},
"product_reference": "httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ssl-1:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)",
"product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64"
},
"product_reference": "httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.25-9.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src"
},
"product_reference": "httpd24-httpd-0:2.4.25-9.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64"
},
"product_reference": "httpd24-httpd-0:2.4.25-9.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64"
},
"product_reference": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-devel-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64"
},
"product_reference": "httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-manual-0:2.4.25-9.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch"
},
"product_reference": "httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-tools-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64"
},
"product_reference": "httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ldap-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64"
},
"product_reference": "httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64"
},
"product_reference": "httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_session-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64"
},
"product_reference": "httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ssl-1:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64"
},
"product_reference": "httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"relates_to_product_reference": "7Server-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.25-9.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src"
},
"product_reference": "httpd24-httpd-0:2.4.25-9.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64"
},
"product_reference": "httpd24-httpd-0:2.4.25-9.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64"
},
"product_reference": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-devel-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64"
},
"product_reference": "httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-manual-0:2.4.25-9.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch"
},
"product_reference": "httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-httpd-tools-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64"
},
"product_reference": "httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ldap-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64"
},
"product_reference": "httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64"
},
"product_reference": "httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_session-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64"
},
"product_reference": "httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd24-mod_ssl-1:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64"
},
"product_reference": "httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"relates_to_product_reference": "7Workstation-RHSCL-2.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-0736",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2016-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1406744"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user\u0027s browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Padding Oracle in Apache mod_session_crypto",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0736"
},
{
"category": "external",
"summary": "RHBZ#1406744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406744"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0736",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0736"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0736",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0736"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25"
},
{
"category": "external",
"summary": "https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt",
"url": "https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt"
}
],
"release_date": "2016-12-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-04-26T10:19:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1161"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Padding Oracle in Apache mod_session_crypto"
},
{
"cve": "CVE-2016-1546",
"discovery_date": "2016-05-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1336350"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw was found in httpd\u0027s mod_http2 module. A remote attacker could use this flaw to block server threads for long times, causing starvation of worker threads, by manipulating the flow control windows on streams.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2 denial-of-service by thread starvation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1546"
},
{
"category": "external",
"summary": "RHBZ#1336350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1336350"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1546",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1546"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1546"
},
{
"category": "external",
"summary": "http://httpd.apache.org/security/vulnerabilities_24.html",
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2016-04-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-04-26T10:19:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1161"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_http2 denial-of-service by thread starvation"
},
{
"cve": "CVE-2016-2161",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1406753"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: DoS vulnerability in mod_auth_digest",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2161"
},
{
"category": "external",
"summary": "RHBZ#1406753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406753"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2161"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2161",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2161"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25"
}
],
"release_date": "2016-12-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-04-26T10:19:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1161"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: DoS vulnerability in mod_auth_digest"
},
{
"cve": "CVE-2016-8740",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2016-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1401528"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in httpd\u0027s handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server\u0027s available memory, causing httpd to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Incomplete handling of LimitRequestFields directive in mod_http2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having Low security\nimpact. This issue is not currently planned to be addressed in future\nupdates. For additional information, refer to the Issue Severity\nClassification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8740"
},
{
"category": "external",
"summary": "RHBZ#1401528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8740"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Dec/3",
"url": "http://seclists.org/bugtraq/2016/Dec/3"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2016-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-04-26T10:19:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1161"
},
{
"category": "workaround",
"details": "As a temporary workaround - HTTP/2 can be disabled by changing\nthe configuration by removing h2 and h2c from the Protocols\nline(s) in the configuration file. \n\nThe resulting line should read:\n\n\t\tProtocols http/1.1",
"product_ids": [
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: Incomplete handling of LimitRequestFields directive in mod_http2"
},
{
"cve": "CVE-2016-8743",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1406822"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Apache HTTP Request Parsing Whitespace Defects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8743"
},
{
"category": "external",
"summary": "RHBZ#1406822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8743"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8743",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8743"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25"
}
],
"release_date": "2016-12-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-04-26T10:19:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1161"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Apache HTTP Request Parsing Whitespace Defects"
},
{
"acknowledgments": [
{
"names": [
"the Apache project"
]
}
],
"cve": "CVE-2020-11985",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"discovery_date": "2020-08-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1866559"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mod_remoteip module shipped with the httpd package. This flaw allows an attacker to spoof the IP address, resulting in the bypass of a mod_rewrite rule. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: IP address spoofing when proxying using mod_remoteip and mod_rewrite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue only affects httpd-2.4.x, therefore, httpd packages shipped with Red Hat Enterprise Linux 6 are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11985"
},
{
"category": "external",
"summary": "RHBZ#1866559",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866559"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11985",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11985"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11985",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11985"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11985",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11985"
}
],
"release_date": "2020-08-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-04-26T10:19:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1161"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src",
"6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch",
"6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64",
"6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src",
"7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch",
"7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64",
"7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: IP address spoofing when proxying using mod_remoteip and mod_rewrite"
}
]
}
rhsa-2017:1414
Vulnerability from csaf_redhat
Published
2017-06-07 17:54
Modified
2025-08-04 11:55
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 6
Notes
Topic
An update is now available for Red Hat JBoss Core Services on RHEL 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304)
* It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. (CVE-2016-0736)
* It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication. (CVE-2016-2161)
* A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys. (CVE-2016-7056)
* A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610)
* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)
* A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash. (CVE-2016-8740)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Core Services on RHEL 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304)\n\n* It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user\u0027s browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. (CVE-2016-0736)\n\n* It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication. (CVE-2016-2161)\n\n* A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys. (CVE-2016-7056)\n\n* A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610)\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\n* A vulnerability was found in httpd\u0027s handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server\u0027s available memory, causing httpd to crash. (CVE-2016-8740)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:1414",
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/"
},
{
"category": "external",
"summary": "1377600",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377600"
},
{
"category": "external",
"summary": "1384743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384743"
},
{
"category": "external",
"summary": "1401528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401528"
},
{
"category": "external",
"summary": "1406744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406744"
},
{
"category": "external",
"summary": "1406753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406753"
},
{
"category": "external",
"summary": "1406822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406822"
},
{
"category": "external",
"summary": "1412120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412120"
},
{
"category": "external",
"summary": "JBCS-318",
"url": "https://issues.redhat.com/browse/JBCS-318"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1414.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 6",
"tracking": {
"current_release_date": "2025-08-04T11:55:37+00:00",
"generator": {
"date": "2025-08-04T11:55:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2017:1414",
"initial_release_date": "2017-06-07T17:54:17+00:00",
"revision_history": [
{
"date": "2017-06-07T17:54:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-06-07T17:54:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-04T11:55:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Core Services on RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-13.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-13.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-13.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-13.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-13.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-13.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-19.GA.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.1-19.GA.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.23-120.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.23-120.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.23-120.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-libs@2.4.23-120.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.23-120.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.23-120.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.23-120.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.23-120.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.23-120.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.23-120.jbcs.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src",
"product_id": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-13.jbcs.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src",
"product_id": "jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-19.GA.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src",
"product_id": "jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.23-120.jbcs.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-13.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-13.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-13.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-13.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-13.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-13.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-19.GA.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.1-19.GA.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.23-120.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.23-120.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.23-120.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-libs@2.4.23-120.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.23-120.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.23-120.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.23-120.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.23-120.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.23-120.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.23-120.jbcs.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch",
"product": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch",
"product_id": "jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.23-120.jbcs.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch"
},
"product_reference": "jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-0736",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2016-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1406744"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user\u0027s browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Padding Oracle in Apache mod_session_crypto",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0736"
},
{
"category": "external",
"summary": "RHBZ#1406744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406744"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0736",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0736"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0736",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0736"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25"
},
{
"category": "external",
"summary": "https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt",
"url": "https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt"
}
],
"release_date": "2016-12-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-07T17:54:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Padding Oracle in Apache mod_session_crypto"
},
{
"cve": "CVE-2016-2161",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1406753"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: DoS vulnerability in mod_auth_digest",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2161"
},
{
"category": "external",
"summary": "RHBZ#1406753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406753"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2161"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2161",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2161"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25"
}
],
"release_date": "2016-12-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-07T17:54:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: DoS vulnerability in mod_auth_digest"
},
{
"acknowledgments": [
{
"names": [
"the OpenSSL project"
]
},
{
"names": [
"Shi Lei"
],
"organization": "Gear Team of Qihoo 360 Inc.",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-6304",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2016-09-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1377600"
}
],
"notes": [
{
"category": "description",
"text": "A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OCSP Status Request extension unbounded memory growth",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "TLS server applications using OpenSSL versions in Red Hat Enterprise Linux 6 and 7 are only affected if they enable OCSP stapling support. Applications not enabling OCSP stapling support are not affected. Few applications implement OCSP stapling support and typically do not enable it by default.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6304"
},
{
"category": "external",
"summary": "RHBZ#1377600",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377600"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6304",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6304"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6304",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6304"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20160922.txt",
"url": "https://www.openssl.org/news/secadv/20160922.txt"
}
],
"release_date": "2016-09-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-07T17:54:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: OCSP Status Request extension unbounded memory growth"
},
{
"cve": "CVE-2016-7056",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2017-01-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1412120"
}
],
"notes": [
{
"category": "description",
"text": "A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: ECDSA P-256 timing attack key recovery",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In order to exploit this flaw, the attacker needs to be have local (shell) access to the machine where the message is being signed using the ECDSA algorithm with a P-256 elliptic curve key. Then using cache timing attacks (which needs precise timing), on multiple signature runs, the private key could be obtained. Based on the factor that exploitation is difficult, Red Hat Product Security Team has rated this flaw as having Moderate impact. A further security release may address this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-7056"
},
{
"category": "external",
"summary": "RHBZ#1412120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-7056",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7056"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7056",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7056"
}
],
"release_date": "2017-01-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-07T17:54:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: ECDSA P-256 timing attack key recovery"
},
{
"acknowledgments": [
{
"names": [
"Shi Lei"
],
"organization": "Gear Team of Qihoo 360 Inc."
}
],
"cve": "CVE-2016-8610",
"discovery_date": "2016-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that are compiled against OpenSSL or GnuTLS and do not allocate an extra thread for processing ClientHello messages. Nginx is affected by this issue; Apache httpd is not affected by this issue. This issue has been rated as having a security impact of Moderate. It requires an attacker to send a very large amount of SSL ALERT messages to the host network connection. This issue can also be mitigated by configuring firewalls to limit the number of connections per IP address, or use deep packet inspection to reject these type of alert packets. A future update may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8610"
},
{
"category": "external",
"summary": "RHBZ#1384743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8610",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8610"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8610",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8610"
},
{
"category": "external",
"summary": "http://security.360.cn/cve/CVE-2016-8610",
"url": "http://security.360.cn/cve/CVE-2016-8610"
}
],
"release_date": "2016-10-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-07T17:54:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS"
},
{
"cve": "CVE-2016-8740",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2016-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1401528"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in httpd\u0027s handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server\u0027s available memory, causing httpd to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Incomplete handling of LimitRequestFields directive in mod_http2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having Low security\nimpact. This issue is not currently planned to be addressed in future\nupdates. For additional information, refer to the Issue Severity\nClassification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8740"
},
{
"category": "external",
"summary": "RHBZ#1401528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8740"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Dec/3",
"url": "http://seclists.org/bugtraq/2016/Dec/3"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2016-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-07T17:54:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"category": "workaround",
"details": "As a temporary workaround - HTTP/2 can be disabled by changing\nthe configuration by removing h2 and h2c from the Protocols\nline(s) in the configuration file. \n\nThe resulting line should read:\n\n\t\tProtocols http/1.1",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: Incomplete handling of LimitRequestFields directive in mod_http2"
},
{
"cve": "CVE-2016-8743",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1406822"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Apache HTTP Request Parsing Whitespace Defects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8743"
},
{
"category": "external",
"summary": "RHBZ#1406822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8743"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8743",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8743"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25"
}
],
"release_date": "2016-12-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-07T17:54:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Apache HTTP Request Parsing Whitespace Defects"
}
]
}
suse-su-2017:0203-1
Vulnerability from csaf_suse
Published
2017-01-19 09:35
Modified
2017-01-19 09:35
Summary
Security update for apache2
Notes
Title of the patch
Security update for apache2
Description of the patch
This update for apache2 fixes the following issues:
- CVE-2016-8740 Server memory can be exhausted and service denied when HTTP/2 is used [bsc#1013648]
Patchnames
SUSE-SLE-RPI-12-SP2-2017-99,SUSE-SLE-SDK-12-SP2-2017-99,SUSE-SLE-SERVER-12-SP2-2017-99
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for apache2 fixes the following issues:\n\n- CVE-2016-8740 Server memory can be exhausted and service denied when HTTP/2 is used [bsc#1013648]\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-RPI-12-SP2-2017-99,SUSE-SLE-SDK-12-SP2-2017-99,SUSE-SLE-SERVER-12-SP2-2017-99",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_0203-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:0203-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170203-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:0203-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-January/002567.html"
},
{
"category": "self",
"summary": "SUSE Bug 1013648",
"url": "https://bugzilla.suse.com/1013648"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-8740 page",
"url": "https://www.suse.com/security/cve/CVE-2016-8740/"
}
],
"title": "Security update for apache2",
"tracking": {
"current_release_date": "2017-01-19T09:35:36Z",
"generator": {
"date": "2017-01-19T09:35:36Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:0203-1",
"initial_release_date": "2017-01-19T09:35:36Z",
"revision_history": [
{
"date": "2017-01-19T09:35:36Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.23-16.3.aarch64",
"product": {
"name": "apache2-2.4.23-16.3.aarch64",
"product_id": "apache2-2.4.23-16.3.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.23-16.3.aarch64",
"product": {
"name": "apache2-example-pages-2.4.23-16.3.aarch64",
"product_id": "apache2-example-pages-2.4.23-16.3.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.23-16.3.aarch64",
"product": {
"name": "apache2-prefork-2.4.23-16.3.aarch64",
"product_id": "apache2-prefork-2.4.23-16.3.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.23-16.3.aarch64",
"product": {
"name": "apache2-utils-2.4.23-16.3.aarch64",
"product_id": "apache2-utils-2.4.23-16.3.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.23-16.3.aarch64",
"product": {
"name": "apache2-worker-2.4.23-16.3.aarch64",
"product_id": "apache2-worker-2.4.23-16.3.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.23-16.3.aarch64",
"product": {
"name": "apache2-devel-2.4.23-16.3.aarch64",
"product_id": "apache2-devel-2.4.23-16.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-doc-2.4.23-16.3.noarch",
"product": {
"name": "apache2-doc-2.4.23-16.3.noarch",
"product_id": "apache2-doc-2.4.23-16.3.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.4.23-16.3.ppc64le",
"product": {
"name": "apache2-devel-2.4.23-16.3.ppc64le",
"product_id": "apache2-devel-2.4.23-16.3.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-2.4.23-16.3.ppc64le",
"product": {
"name": "apache2-2.4.23-16.3.ppc64le",
"product_id": "apache2-2.4.23-16.3.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.23-16.3.ppc64le",
"product": {
"name": "apache2-example-pages-2.4.23-16.3.ppc64le",
"product_id": "apache2-example-pages-2.4.23-16.3.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.23-16.3.ppc64le",
"product": {
"name": "apache2-prefork-2.4.23-16.3.ppc64le",
"product_id": "apache2-prefork-2.4.23-16.3.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.23-16.3.ppc64le",
"product": {
"name": "apache2-utils-2.4.23-16.3.ppc64le",
"product_id": "apache2-utils-2.4.23-16.3.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.23-16.3.ppc64le",
"product": {
"name": "apache2-worker-2.4.23-16.3.ppc64le",
"product_id": "apache2-worker-2.4.23-16.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.4.23-16.3.s390x",
"product": {
"name": "apache2-devel-2.4.23-16.3.s390x",
"product_id": "apache2-devel-2.4.23-16.3.s390x"
}
},
{
"category": "product_version",
"name": "apache2-2.4.23-16.3.s390x",
"product": {
"name": "apache2-2.4.23-16.3.s390x",
"product_id": "apache2-2.4.23-16.3.s390x"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.23-16.3.s390x",
"product": {
"name": "apache2-example-pages-2.4.23-16.3.s390x",
"product_id": "apache2-example-pages-2.4.23-16.3.s390x"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.23-16.3.s390x",
"product": {
"name": "apache2-prefork-2.4.23-16.3.s390x",
"product_id": "apache2-prefork-2.4.23-16.3.s390x"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.23-16.3.s390x",
"product": {
"name": "apache2-utils-2.4.23-16.3.s390x",
"product_id": "apache2-utils-2.4.23-16.3.s390x"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.23-16.3.s390x",
"product": {
"name": "apache2-worker-2.4.23-16.3.s390x",
"product_id": "apache2-worker-2.4.23-16.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.4.23-16.3.x86_64",
"product": {
"name": "apache2-devel-2.4.23-16.3.x86_64",
"product_id": "apache2-devel-2.4.23-16.3.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-2.4.23-16.3.x86_64",
"product": {
"name": "apache2-2.4.23-16.3.x86_64",
"product_id": "apache2-2.4.23-16.3.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.23-16.3.x86_64",
"product": {
"name": "apache2-example-pages-2.4.23-16.3.x86_64",
"product_id": "apache2-example-pages-2.4.23-16.3.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.23-16.3.x86_64",
"product": {
"name": "apache2-prefork-2.4.23-16.3.x86_64",
"product_id": "apache2-prefork-2.4.23-16.3.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.23-16.3.x86_64",
"product": {
"name": "apache2-utils-2.4.23-16.3.x86_64",
"product_id": "apache2-utils-2.4.23-16.3.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.23-16.3.x86_64",
"product": {
"name": "apache2-worker-2.4.23-16.3.x86_64",
"product_id": "apache2-worker-2.4.23-16.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-16.3.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-2.4.23-16.3.aarch64"
},
"product_reference": "apache2-2.4.23-16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-16.3.noarch as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-doc-2.4.23-16.3.noarch"
},
"product_reference": "apache2-doc-2.4.23-16.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-16.3.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-example-pages-2.4.23-16.3.aarch64"
},
"product_reference": "apache2-example-pages-2.4.23-16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-16.3.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-prefork-2.4.23-16.3.aarch64"
},
"product_reference": "apache2-prefork-2.4.23-16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-16.3.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-utils-2.4.23-16.3.aarch64"
},
"product_reference": "apache2-utils-2.4.23-16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-16.3.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-worker-2.4.23-16.3.aarch64"
},
"product_reference": "apache2-worker-2.4.23-16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-16.3.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-16.3.aarch64"
},
"product_reference": "apache2-devel-2.4.23-16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-16.3.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-16.3.ppc64le"
},
"product_reference": "apache2-devel-2.4.23-16.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-16.3.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-16.3.s390x"
},
"product_reference": "apache2-devel-2.4.23-16.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-16.3.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-16.3.x86_64"
},
"product_reference": "apache2-devel-2.4.23-16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-16.3.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-16.3.aarch64"
},
"product_reference": "apache2-2.4.23-16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-16.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-16.3.ppc64le"
},
"product_reference": "apache2-2.4.23-16.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-16.3.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-16.3.s390x"
},
"product_reference": "apache2-2.4.23-16.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-16.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-16.3.x86_64"
},
"product_reference": "apache2-2.4.23-16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-16.3.noarch as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-doc-2.4.23-16.3.noarch"
},
"product_reference": "apache2-doc-2.4.23-16.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-16.3.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-16.3.aarch64"
},
"product_reference": "apache2-example-pages-2.4.23-16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-16.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-16.3.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.23-16.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-16.3.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-16.3.s390x"
},
"product_reference": "apache2-example-pages-2.4.23-16.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-16.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-16.3.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-16.3.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-16.3.aarch64"
},
"product_reference": "apache2-prefork-2.4.23-16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-16.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-16.3.ppc64le"
},
"product_reference": "apache2-prefork-2.4.23-16.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-16.3.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-16.3.s390x"
},
"product_reference": "apache2-prefork-2.4.23-16.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-16.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-16.3.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-16.3.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-16.3.aarch64"
},
"product_reference": "apache2-utils-2.4.23-16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-16.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-16.3.ppc64le"
},
"product_reference": "apache2-utils-2.4.23-16.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-16.3.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-16.3.s390x"
},
"product_reference": "apache2-utils-2.4.23-16.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-16.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-16.3.x86_64"
},
"product_reference": "apache2-utils-2.4.23-16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-16.3.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-16.3.aarch64"
},
"product_reference": "apache2-worker-2.4.23-16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-16.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-16.3.ppc64le"
},
"product_reference": "apache2-worker-2.4.23-16.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-16.3.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-16.3.s390x"
},
"product_reference": "apache2-worker-2.4.23-16.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-16.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-16.3.x86_64"
},
"product_reference": "apache2-worker-2.4.23-16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-16.3.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-16.3.aarch64"
},
"product_reference": "apache2-2.4.23-16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-16.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-16.3.ppc64le"
},
"product_reference": "apache2-2.4.23-16.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-16.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-16.3.s390x"
},
"product_reference": "apache2-2.4.23-16.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-16.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-16.3.x86_64"
},
"product_reference": "apache2-2.4.23-16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-16.3.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-16.3.noarch"
},
"product_reference": "apache2-doc-2.4.23-16.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-16.3.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-16.3.aarch64"
},
"product_reference": "apache2-example-pages-2.4.23-16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-16.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-16.3.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.23-16.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-16.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-16.3.s390x"
},
"product_reference": "apache2-example-pages-2.4.23-16.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-16.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-16.3.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-16.3.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-16.3.aarch64"
},
"product_reference": "apache2-prefork-2.4.23-16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-16.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-16.3.ppc64le"
},
"product_reference": "apache2-prefork-2.4.23-16.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-16.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-16.3.s390x"
},
"product_reference": "apache2-prefork-2.4.23-16.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-16.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-16.3.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-16.3.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-16.3.aarch64"
},
"product_reference": "apache2-utils-2.4.23-16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-16.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-16.3.ppc64le"
},
"product_reference": "apache2-utils-2.4.23-16.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-16.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-16.3.s390x"
},
"product_reference": "apache2-utils-2.4.23-16.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-16.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-16.3.x86_64"
},
"product_reference": "apache2-utils-2.4.23-16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-16.3.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-16.3.aarch64"
},
"product_reference": "apache2-worker-2.4.23-16.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-16.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-16.3.ppc64le"
},
"product_reference": "apache2-worker-2.4.23-16.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-16.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-16.3.s390x"
},
"product_reference": "apache2-worker-2.4.23-16.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-16.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-16.3.x86_64"
},
"product_reference": "apache2-worker-2.4.23-16.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-8740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-8740"
}
],
"notes": [
{
"category": "general",
"text": "The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2:apache2-doc-2.4.23-16.3.noarch",
"SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-doc-2.4.23-16.3.noarch",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-example-pages-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-prefork-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-utils-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-worker-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-16.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-16.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-8740",
"url": "https://www.suse.com/security/cve/CVE-2016-8740"
},
{
"category": "external",
"summary": "SUSE Bug 1013648 for CVE-2016-8740",
"url": "https://bugzilla.suse.com/1013648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2:apache2-doc-2.4.23-16.3.noarch",
"SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-doc-2.4.23-16.3.noarch",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-example-pages-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-prefork-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-utils-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-worker-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-16.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-16.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2:apache2-doc-2.4.23-16.3.noarch",
"SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-example-pages-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-prefork-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-utils-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server 12 SP2:apache2-worker-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-doc-2.4.23-16.3.noarch",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-example-pages-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-prefork-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-utils-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:apache2-worker-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-16.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-16.3.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-16.3.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-16.3.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-16.3.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:apache2-devel-2.4.23-16.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-01-19T09:35:36Z",
"details": "moderate"
}
],
"title": "CVE-2016-8740"
}
]
}
ghsa-pfj2-72r3-p693
Vulnerability from github
Published
2022-05-13 01:09
Modified
2025-04-12 13:06
Severity ?
VLAI Severity ?
Details
The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.
{
"affected": [],
"aliases": [
"CVE-2016-8740"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-12-05T19:59:00Z",
"severity": "HIGH"
},
"details": "The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.",
"id": "GHSA-pfj2-72r3-p693",
"modified": "2025-04-12T13:06:57Z",
"published": "2022-05-13T01:09:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8740"
},
{
"type": "WEB",
"url": "https://github.com/apache/httpd/commit/29c63b786ae028d82405421585e91283c8fa0da3"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-36"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20180423-0001"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT208221"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/40909"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2017-04"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1161"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"type": "WEB",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/140023/Apache-HTTPD-Web-Server-2.4.23-Memory-Exhaustion.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94650"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037388"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
wid-sec-w-2025-0370
Vulnerability from csaf_certbund
Published
2017-09-25 22:00
Modified
2025-02-13 23:00
Summary
Apple Mac OS: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Apple Mac OS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstelle in Apple Mac OS ausnutzen, um Code mit Kernel Privilegien auszuführen, Sicherheitsvorkehrungen zu umgehen, einen Denial of Service Angriff durchzuführen oder vertrauliche Daten einzusehen.
Betroffene Betriebssysteme
- MacOS X
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apple Mac OS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstelle in Apple Mac OS ausnutzen, um Code mit Kernel Privilegien auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Denial of Service Angriff durchzuf\u00fchren oder vertrauliche Daten einzusehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- MacOS X",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0370 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2025-0370.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0370 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0370"
},
{
"category": "external",
"summary": "Apple Security Advisory HT208144 vom 2017-09-25",
"url": "https://support.apple.com/de-de/HT208144"
},
{
"category": "external",
"summary": "Updated Apple Security Advisory HT208144 vom 2017-10-31",
"url": "https://lists.apple.com/archives/security-announce/2017/Oct/msg00007.html"
},
{
"category": "external",
"summary": "Updated Apple Security Advisory HT208144 vom 2017-10-31",
"url": "https://lists.apple.com/archives/security-announce/2017/Oct/msg00001.html"
}
],
"source_lang": "en-US",
"title": "Apple Mac OS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-02-13T23:00:00.000+00:00",
"generator": {
"date": "2025-02-14T12:00:12.636+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0370",
"initial_release_date": "2017-09-25T22:00:00.000+00:00",
"revision_history": [
{
"date": "2017-09-25T22:00:00.000+00:00",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2017-10-31T23:00:00.000+00:00",
"number": "2",
"summary": "cve added"
},
{
"date": "2017-10-31T23:00:00.000+00:00",
"number": "3",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-10-31T23:00:00.000+00:00",
"number": "4",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-11-21T23:00:00.000+00:00",
"number": "5",
"summary": "cve added"
},
{
"date": "2017-11-21T23:00:00.000+00:00",
"number": "6",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-12-13T23:00:00.000+00:00",
"number": "7",
"summary": "New remediations available"
},
{
"date": "2025-02-13T23:00:00.000+00:00",
"number": "8",
"summary": "Korrektur"
}
],
"status": "final",
"version": "8"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.13",
"product": {
"name": "Apple macOS \u003c10.13",
"product_id": "T010822"
}
},
{
"category": "product_version",
"name": "10.13",
"product": {
"name": "Apple macOS 10.13",
"product_id": "T010822-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:mac_os:10.13"
}
}
}
],
"category": "product_name",
"name": "macOS"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-0736",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2016-0736"
},
{
"cve": "CVE-2016-2161",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2016-2161"
},
{
"cve": "CVE-2016-4736",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2016-4736"
},
{
"cve": "CVE-2016-5387",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2016-5387"
},
{
"cve": "CVE-2016-8740",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2016-8740"
},
{
"cve": "CVE-2016-8743",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2016-8743"
},
{
"cve": "CVE-2016-9042",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2016-9042"
},
{
"cve": "CVE-2016-9063",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2016-9063"
},
{
"cve": "CVE-2016-9840",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2016-9840"
},
{
"cve": "CVE-2016-9841",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2016-9841"
},
{
"cve": "CVE-2016-9842",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2016-9842"
},
{
"cve": "CVE-2016-9843",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2016-9843"
},
{
"cve": "CVE-2017-0381",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-0381"
},
{
"cve": "CVE-2017-1000100",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-1000100"
},
{
"cve": "CVE-2017-1000101",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-1000101"
},
{
"cve": "CVE-2017-1000373",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-1000373"
},
{
"cve": "CVE-2017-10140",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-10140"
},
{
"cve": "CVE-2017-10989",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-10989"
},
{
"cve": "CVE-2017-11103",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-11103"
},
{
"cve": "CVE-2017-11108",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-11108"
},
{
"cve": "CVE-2017-11541",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-11541"
},
{
"cve": "CVE-2017-11542",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-11542"
},
{
"cve": "CVE-2017-11543",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-11543"
},
{
"cve": "CVE-2017-12893",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12893"
},
{
"cve": "CVE-2017-12894",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12894"
},
{
"cve": "CVE-2017-12895",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12895"
},
{
"cve": "CVE-2017-12896",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12896"
},
{
"cve": "CVE-2017-12897",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12897"
},
{
"cve": "CVE-2017-12898",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12898"
},
{
"cve": "CVE-2017-12899",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12899"
},
{
"cve": "CVE-2017-12900",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12900"
},
{
"cve": "CVE-2017-12901",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12901"
},
{
"cve": "CVE-2017-12902",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12902"
},
{
"cve": "CVE-2017-12985",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12985"
},
{
"cve": "CVE-2017-12986",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12986"
},
{
"cve": "CVE-2017-12987",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12987"
},
{
"cve": "CVE-2017-12988",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12988"
},
{
"cve": "CVE-2017-12989",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12989"
},
{
"cve": "CVE-2017-12990",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12990"
},
{
"cve": "CVE-2017-12991",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12991"
},
{
"cve": "CVE-2017-12992",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12992"
},
{
"cve": "CVE-2017-12993",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12993"
},
{
"cve": "CVE-2017-12994",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12994"
},
{
"cve": "CVE-2017-12995",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12995"
},
{
"cve": "CVE-2017-12996",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12996"
},
{
"cve": "CVE-2017-12997",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12997"
},
{
"cve": "CVE-2017-12998",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12998"
},
{
"cve": "CVE-2017-12999",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12999"
},
{
"cve": "CVE-2017-13000",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13000"
},
{
"cve": "CVE-2017-13001",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13001"
},
{
"cve": "CVE-2017-13002",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13002"
},
{
"cve": "CVE-2017-13003",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13003"
},
{
"cve": "CVE-2017-13004",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13004"
},
{
"cve": "CVE-2017-13005",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13005"
},
{
"cve": "CVE-2017-13006",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13006"
},
{
"cve": "CVE-2017-13007",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13007"
},
{
"cve": "CVE-2017-13008",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13008"
},
{
"cve": "CVE-2017-13009",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13009"
},
{
"cve": "CVE-2017-13010",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13010"
},
{
"cve": "CVE-2017-13011",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13011"
},
{
"cve": "CVE-2017-13012",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13012"
},
{
"cve": "CVE-2017-13013",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13013"
},
{
"cve": "CVE-2017-13014",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13014"
},
{
"cve": "CVE-2017-13015",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13015"
},
{
"cve": "CVE-2017-13016",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13016"
},
{
"cve": "CVE-2017-13017",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13017"
},
{
"cve": "CVE-2017-13018",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13018"
},
{
"cve": "CVE-2017-13019",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13019"
},
{
"cve": "CVE-2017-13020",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13020"
},
{
"cve": "CVE-2017-13021",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13021"
},
{
"cve": "CVE-2017-13022",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13022"
},
{
"cve": "CVE-2017-13023",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13023"
},
{
"cve": "CVE-2017-13024",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13024"
},
{
"cve": "CVE-2017-13025",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13025"
},
{
"cve": "CVE-2017-13026",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13026"
},
{
"cve": "CVE-2017-13027",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13027"
},
{
"cve": "CVE-2017-13028",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13028"
},
{
"cve": "CVE-2017-13029",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13029"
},
{
"cve": "CVE-2017-13030",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13030"
},
{
"cve": "CVE-2017-13031",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13031"
},
{
"cve": "CVE-2017-13032",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13032"
},
{
"cve": "CVE-2017-13033",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13033"
},
{
"cve": "CVE-2017-13034",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13034"
},
{
"cve": "CVE-2017-13035",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13035"
},
{
"cve": "CVE-2017-13036",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13036"
},
{
"cve": "CVE-2017-13037",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13037"
},
{
"cve": "CVE-2017-13038",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13038"
},
{
"cve": "CVE-2017-13039",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13039"
},
{
"cve": "CVE-2017-13040",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13040"
},
{
"cve": "CVE-2017-13041",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13041"
},
{
"cve": "CVE-2017-13042",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13042"
},
{
"cve": "CVE-2017-13043",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13043"
},
{
"cve": "CVE-2017-13044",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13044"
},
{
"cve": "CVE-2017-13045",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13045"
},
{
"cve": "CVE-2017-13046",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13046"
},
{
"cve": "CVE-2017-13047",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13047"
},
{
"cve": "CVE-2017-13048",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13048"
},
{
"cve": "CVE-2017-13049",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13049"
},
{
"cve": "CVE-2017-13050",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13050"
},
{
"cve": "CVE-2017-13051",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13051"
},
{
"cve": "CVE-2017-13052",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13052"
},
{
"cve": "CVE-2017-13053",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13053"
},
{
"cve": "CVE-2017-13054",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13054"
},
{
"cve": "CVE-2017-13055",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13055"
},
{
"cve": "CVE-2017-13077",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13077"
},
{
"cve": "CVE-2017-13078",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13078"
},
{
"cve": "CVE-2017-13080",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13080"
},
{
"cve": "CVE-2017-13687",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13687"
},
{
"cve": "CVE-2017-13688",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13688"
},
{
"cve": "CVE-2017-13689",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13689"
},
{
"cve": "CVE-2017-13690",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13690"
},
{
"cve": "CVE-2017-13725",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13725"
},
{
"cve": "CVE-2017-13782",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13782"
},
{
"cve": "CVE-2017-13786",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13786"
},
{
"cve": "CVE-2017-13799",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13799"
},
{
"cve": "CVE-2017-13800",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13800"
},
{
"cve": "CVE-2017-13801",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13801"
},
{
"cve": "CVE-2017-13804",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13804"
},
{
"cve": "CVE-2017-13807",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13807"
},
{
"cve": "CVE-2017-13808",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13808"
},
{
"cve": "CVE-2017-13809",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13809"
},
{
"cve": "CVE-2017-13810",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13810"
},
{
"cve": "CVE-2017-13811",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13811"
},
{
"cve": "CVE-2017-13812",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13812"
},
{
"cve": "CVE-2017-13813",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13813"
},
{
"cve": "CVE-2017-13814",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13814"
},
{
"cve": "CVE-2017-13815",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13815"
},
{
"cve": "CVE-2017-13816",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13816"
},
{
"cve": "CVE-2017-13817",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13817"
},
{
"cve": "CVE-2017-13818",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13818"
},
{
"cve": "CVE-2017-13819",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13819"
},
{
"cve": "CVE-2017-13820",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13820"
},
{
"cve": "CVE-2017-13821",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13821"
},
{
"cve": "CVE-2017-13822",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13822"
},
{
"cve": "CVE-2017-13823",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13823"
},
{
"cve": "CVE-2017-13824",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13824"
},
{
"cve": "CVE-2017-13825",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13825"
},
{
"cve": "CVE-2017-13826",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13826"
},
{
"cve": "CVE-2017-13827",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13827"
},
{
"cve": "CVE-2017-13828",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13828"
},
{
"cve": "CVE-2017-13829",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13829"
},
{
"cve": "CVE-2017-13830",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13830"
},
{
"cve": "CVE-2017-13831",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13831"
},
{
"cve": "CVE-2017-13832",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13832"
},
{
"cve": "CVE-2017-13833",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13833"
},
{
"cve": "CVE-2017-13834",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13834"
},
{
"cve": "CVE-2017-13836",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13836"
},
{
"cve": "CVE-2017-13837",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13837"
},
{
"cve": "CVE-2017-13838",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13838"
},
{
"cve": "CVE-2017-13839",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13839"
},
{
"cve": "CVE-2017-13840",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13840"
},
{
"cve": "CVE-2017-13841",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13841"
},
{
"cve": "CVE-2017-13842",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13842"
},
{
"cve": "CVE-2017-13843",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13843"
},
{
"cve": "CVE-2017-13846",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13846"
},
{
"cve": "CVE-2017-13851",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13851"
},
{
"cve": "CVE-2017-13854",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13854"
},
{
"cve": "CVE-2017-3167",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-3167"
},
{
"cve": "CVE-2017-3169",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-3169"
},
{
"cve": "CVE-2017-6451",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-6451"
},
{
"cve": "CVE-2017-6452",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-6452"
},
{
"cve": "CVE-2017-6455",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-6455"
},
{
"cve": "CVE-2017-6458",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-6458"
},
{
"cve": "CVE-2017-6459",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-6459"
},
{
"cve": "CVE-2017-6460",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-6460"
},
{
"cve": "CVE-2017-6462",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-6462"
},
{
"cve": "CVE-2017-6463",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-6463"
},
{
"cve": "CVE-2017-6464",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-6464"
},
{
"cve": "CVE-2017-7074",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7074"
},
{
"cve": "CVE-2017-7077",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7077"
},
{
"cve": "CVE-2017-7078",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7078"
},
{
"cve": "CVE-2017-7080",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7080"
},
{
"cve": "CVE-2017-7082",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7082"
},
{
"cve": "CVE-2017-7083",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7083"
},
{
"cve": "CVE-2017-7084",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7084"
},
{
"cve": "CVE-2017-7086",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7086"
},
{
"cve": "CVE-2017-7114",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7114"
},
{
"cve": "CVE-2017-7119",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7119"
},
{
"cve": "CVE-2017-7121",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7121"
},
{
"cve": "CVE-2017-7122",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7122"
},
{
"cve": "CVE-2017-7123",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7123"
},
{
"cve": "CVE-2017-7124",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7124"
},
{
"cve": "CVE-2017-7125",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7125"
},
{
"cve": "CVE-2017-7126",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7126"
},
{
"cve": "CVE-2017-7127",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7127"
},
{
"cve": "CVE-2017-7128",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7128"
},
{
"cve": "CVE-2017-7129",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7129"
},
{
"cve": "CVE-2017-7130",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7130"
},
{
"cve": "CVE-2017-7132",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7132"
},
{
"cve": "CVE-2017-7138",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7138"
},
{
"cve": "CVE-2017-7141",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7141"
},
{
"cve": "CVE-2017-7143",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7143"
},
{
"cve": "CVE-2017-7144",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7144"
},
{
"cve": "CVE-2017-7659",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7659"
},
{
"cve": "CVE-2017-7668",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7668"
},
{
"cve": "CVE-2017-7679",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7679"
},
{
"cve": "CVE-2017-9233",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-9233"
},
{
"cve": "CVE-2017-9788",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-9788"
},
{
"cve": "CVE-2017-9789",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-9789"
}
]
}
opensuse-su-2024:10623-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
apache2-2.4.49-1.1 on GA media
Notes
Title of the patch
apache2-2.4.49-1.1 on GA media
Description of the patch
These are all security issues fixed in the apache2-2.4.49-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10623
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "apache2-2.4.49-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the apache2-2.4.49-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10623",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10623-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2005-3352 page",
"url": "https://www.suse.com/security/cve/CVE-2005-3352/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2005-3357 page",
"url": "https://www.suse.com/security/cve/CVE-2005-3357/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-3747 page",
"url": "https://www.suse.com/security/cve/CVE-2006-3747/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-5752 page",
"url": "https://www.suse.com/security/cve/CVE-2006-5752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-1862 page",
"url": "https://www.suse.com/security/cve/CVE-2007-1862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-1863 page",
"url": "https://www.suse.com/security/cve/CVE-2007-1863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3304 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3847 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-4465 page",
"url": "https://www.suse.com/security/cve/CVE-2007-4465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-5000 page",
"url": "https://www.suse.com/security/cve/CVE-2007-5000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-6388 page",
"url": "https://www.suse.com/security/cve/CVE-2007-6388/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-6420 page",
"url": "https://www.suse.com/security/cve/CVE-2007-6420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-6421 page",
"url": "https://www.suse.com/security/cve/CVE-2007-6421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-6422 page",
"url": "https://www.suse.com/security/cve/CVE-2007-6422/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0005 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-1678 page",
"url": "https://www.suse.com/security/cve/CVE-2008-1678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-2364 page",
"url": "https://www.suse.com/security/cve/CVE-2008-2364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-2939 page",
"url": "https://www.suse.com/security/cve/CVE-2008-2939/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5387 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5387/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-8740 page",
"url": "https://www.suse.com/security/cve/CVE-2016-8740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9798 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10081 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10081/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10082 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10092 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10092/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10097 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10098 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9517 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9517/"
}
],
"title": "apache2-2.4.49-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10623-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.49-1.1.aarch64",
"product": {
"name": "apache2-2.4.49-1.1.aarch64",
"product_id": "apache2-2.4.49-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.49-1.1.ppc64le",
"product": {
"name": "apache2-2.4.49-1.1.ppc64le",
"product_id": "apache2-2.4.49-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.49-1.1.s390x",
"product": {
"name": "apache2-2.4.49-1.1.s390x",
"product_id": "apache2-2.4.49-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.49-1.1.x86_64",
"product": {
"name": "apache2-2.4.49-1.1.x86_64",
"product_id": "apache2-2.4.49-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.49-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64"
},
"product_reference": "apache2-2.4.49-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.49-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le"
},
"product_reference": "apache2-2.4.49-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.49-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x"
},
"product_reference": "apache2-2.4.49-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.49-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
},
"product_reference": "apache2-2.4.49-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2005-3352",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2005-3352"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2005-3352",
"url": "https://www.suse.com/security/cve/CVE-2005-3352"
},
{
"category": "external",
"summary": "SUSE Bug 138083 for CVE-2005-3352",
"url": "https://bugzilla.suse.com/138083"
},
{
"category": "external",
"summary": "SUSE Bug 142507 for CVE-2005-3352",
"url": "https://bugzilla.suse.com/142507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2005-3352"
},
{
"cve": "CVE-2005-3357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2005-3357"
}
],
"notes": [
{
"category": "general",
"text": "mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2005-3357",
"url": "https://www.suse.com/security/cve/CVE-2005-3357"
},
{
"category": "external",
"summary": "SUSE Bug 138083 for CVE-2005-3357",
"url": "https://bugzilla.suse.com/138083"
},
{
"category": "external",
"summary": "SUSE Bug 142338 for CVE-2005-3357",
"url": "https://bugzilla.suse.com/142338"
},
{
"category": "external",
"summary": "SUSE Bug 186167 for CVE-2005-3357",
"url": "https://bugzilla.suse.com/186167"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2005-3357"
},
{
"cve": "CVE-2006-3747",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-3747"
}
],
"notes": [
{
"category": "general",
"text": "Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-3747",
"url": "https://www.suse.com/security/cve/CVE-2006-3747"
},
{
"category": "external",
"summary": "SUSE Bug 194675 for CVE-2006-3747",
"url": "https://bugzilla.suse.com/194675"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2006-3747"
},
{
"cve": "CVE-2006-5752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-5752"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-5752",
"url": "https://www.suse.com/security/cve/CVE-2006-5752"
},
{
"category": "external",
"summary": "SUSE Bug 289996 for CVE-2006-5752",
"url": "https://bugzilla.suse.com/289996"
},
{
"category": "external",
"summary": "SUSE Bug 308637 for CVE-2006-5752",
"url": "https://bugzilla.suse.com/308637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2006-5752"
},
{
"cve": "CVE-2007-1862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-1862"
}
],
"notes": [
{
"category": "general",
"text": "The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-1862",
"url": "https://www.suse.com/security/cve/CVE-2007-1862"
},
{
"category": "external",
"summary": "SUSE Bug 280414 for CVE-2007-1862",
"url": "https://bugzilla.suse.com/280414"
},
{
"category": "external",
"summary": "SUSE Bug 308637 for CVE-2007-1862",
"url": "https://bugzilla.suse.com/308637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-1862"
},
{
"cve": "CVE-2007-1863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-1863"
}
],
"notes": [
{
"category": "general",
"text": "cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-1863",
"url": "https://www.suse.com/security/cve/CVE-2007-1863"
},
{
"category": "external",
"summary": "SUSE Bug 289997 for CVE-2007-1863",
"url": "https://bugzilla.suse.com/289997"
},
{
"category": "external",
"summary": "SUSE Bug 308637 for CVE-2007-1863",
"url": "https://bugzilla.suse.com/308637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-1863"
},
{
"cve": "CVE-2007-3304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3304"
}
],
"notes": [
{
"category": "general",
"text": "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3304",
"url": "https://www.suse.com/security/cve/CVE-2007-3304"
},
{
"category": "external",
"summary": "SUSE Bug 286685 for CVE-2007-3304",
"url": "https://bugzilla.suse.com/286685"
},
{
"category": "external",
"summary": "SUSE Bug 308637 for CVE-2007-3304",
"url": "https://bugzilla.suse.com/308637"
},
{
"category": "external",
"summary": "SUSE Bug 422464 for CVE-2007-3304",
"url": "https://bugzilla.suse.com/422464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-3304"
},
{
"cve": "CVE-2007-3847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3847"
}
],
"notes": [
{
"category": "general",
"text": "The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3847",
"url": "https://www.suse.com/security/cve/CVE-2007-3847"
},
{
"category": "external",
"summary": "SUSE Bug 308637 for CVE-2007-3847",
"url": "https://bugzilla.suse.com/308637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-3847"
},
{
"cve": "CVE-2007-4465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-4465"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-4465",
"url": "https://www.suse.com/security/cve/CVE-2007-4465"
},
{
"category": "external",
"summary": "SUSE Bug 308637 for CVE-2007-4465",
"url": "https://bugzilla.suse.com/308637"
},
{
"category": "external",
"summary": "SUSE Bug 310161 for CVE-2007-4465",
"url": "https://bugzilla.suse.com/310161"
},
{
"category": "external",
"summary": "SUSE Bug 325655 for CVE-2007-4465",
"url": "https://bugzilla.suse.com/325655"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-4465"
},
{
"cve": "CVE-2007-5000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-5000"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-5000",
"url": "https://www.suse.com/security/cve/CVE-2007-5000"
},
{
"category": "external",
"summary": "SUSE Bug 353859 for CVE-2007-5000",
"url": "https://bugzilla.suse.com/353859"
},
{
"category": "external",
"summary": "SUSE Bug 355888 for CVE-2007-5000",
"url": "https://bugzilla.suse.com/355888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-5000"
},
{
"cve": "CVE-2007-6388",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-6388"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-6388",
"url": "https://www.suse.com/security/cve/CVE-2007-6388"
},
{
"category": "external",
"summary": "SUSE Bug 352235 for CVE-2007-6388",
"url": "https://bugzilla.suse.com/352235"
},
{
"category": "external",
"summary": "SUSE Bug 355888 for CVE-2007-6388",
"url": "https://bugzilla.suse.com/355888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-6388"
},
{
"cve": "CVE-2007-6420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-6420"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-6420",
"url": "https://www.suse.com/security/cve/CVE-2007-6420"
},
{
"category": "external",
"summary": "SUSE Bug 353261 for CVE-2007-6420",
"url": "https://bugzilla.suse.com/353261"
},
{
"category": "external",
"summary": "SUSE Bug 373903 for CVE-2007-6420",
"url": "https://bugzilla.suse.com/373903"
},
{
"category": "external",
"summary": "SUSE Bug 422464 for CVE-2007-6420",
"url": "https://bugzilla.suse.com/422464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-6420"
},
{
"cve": "CVE-2007-6421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-6421"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-6421",
"url": "https://www.suse.com/security/cve/CVE-2007-6421"
},
{
"category": "external",
"summary": "SUSE Bug 353261 for CVE-2007-6421",
"url": "https://bugzilla.suse.com/353261"
},
{
"category": "external",
"summary": "SUSE Bug 355888 for CVE-2007-6421",
"url": "https://bugzilla.suse.com/355888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2007-6421"
},
{
"cve": "CVE-2007-6422",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-6422"
}
],
"notes": [
{
"category": "general",
"text": "The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-6422",
"url": "https://www.suse.com/security/cve/CVE-2007-6422"
},
{
"category": "external",
"summary": "SUSE Bug 353261 for CVE-2007-6422",
"url": "https://bugzilla.suse.com/353261"
},
{
"category": "external",
"summary": "SUSE Bug 355888 for CVE-2007-6422",
"url": "https://bugzilla.suse.com/355888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2007-6422"
},
{
"cve": "CVE-2008-0005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0005"
}
],
"notes": [
{
"category": "general",
"text": "mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0005",
"url": "https://www.suse.com/security/cve/CVE-2008-0005"
},
{
"category": "external",
"summary": "SUSE Bug 353262 for CVE-2008-0005",
"url": "https://bugzilla.suse.com/353262"
},
{
"category": "external",
"summary": "SUSE Bug 355888 for CVE-2008-0005",
"url": "https://bugzilla.suse.com/355888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-0005"
},
{
"cve": "CVE-2008-1678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-1678"
}
],
"notes": [
{
"category": "general",
"text": "Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-1678",
"url": "https://www.suse.com/security/cve/CVE-2008-1678"
},
{
"category": "external",
"summary": "SUSE Bug 392096 for CVE-2008-1678",
"url": "https://bugzilla.suse.com/392096"
},
{
"category": "external",
"summary": "SUSE Bug 422464 for CVE-2008-1678",
"url": "https://bugzilla.suse.com/422464"
},
{
"category": "external",
"summary": "SUSE Bug 566238 for CVE-2008-1678",
"url": "https://bugzilla.suse.com/566238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-1678"
},
{
"cve": "CVE-2008-2364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-2364"
}
],
"notes": [
{
"category": "general",
"text": "The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-2364",
"url": "https://www.suse.com/security/cve/CVE-2008-2364"
},
{
"category": "external",
"summary": "SUSE Bug 408832 for CVE-2008-2364",
"url": "https://bugzilla.suse.com/408832"
},
{
"category": "external",
"summary": "SUSE Bug 422464 for CVE-2008-2364",
"url": "https://bugzilla.suse.com/422464"
},
{
"category": "external",
"summary": "SUSE Bug 443824 for CVE-2008-2364",
"url": "https://bugzilla.suse.com/443824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-2364"
},
{
"cve": "CVE-2008-2939",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-2939"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-2939",
"url": "https://www.suse.com/security/cve/CVE-2008-2939"
},
{
"category": "external",
"summary": "SUSE Bug 210904 for CVE-2008-2939",
"url": "https://bugzilla.suse.com/210904"
},
{
"category": "external",
"summary": "SUSE Bug 415061 for CVE-2008-2939",
"url": "https://bugzilla.suse.com/415061"
},
{
"category": "external",
"summary": "SUSE Bug 422464 for CVE-2008-2939",
"url": "https://bugzilla.suse.com/422464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-2939"
},
{
"cve": "CVE-2016-5387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5387"
}
],
"notes": [
{
"category": "general",
"text": "The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. NOTE: the vendor states \"This mitigation has been assigned the identifier CVE-2016-5387\"; in other words, this is not a CVE ID for a vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5387",
"url": "https://www.suse.com/security/cve/CVE-2016-5387"
},
{
"category": "external",
"summary": "SUSE Bug 988484 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988484"
},
{
"category": "external",
"summary": "SUSE Bug 988486 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988486"
},
{
"category": "external",
"summary": "SUSE Bug 988487 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988487"
},
{
"category": "external",
"summary": "SUSE Bug 988488 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988488"
},
{
"category": "external",
"summary": "SUSE Bug 988489 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988489"
},
{
"category": "external",
"summary": "SUSE Bug 988491 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988491"
},
{
"category": "external",
"summary": "SUSE Bug 988492 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988492"
},
{
"category": "external",
"summary": "SUSE Bug 989125 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/989125"
},
{
"category": "external",
"summary": "SUSE Bug 989174 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/989174"
},
{
"category": "external",
"summary": "SUSE Bug 989684 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/989684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-5387"
},
{
"cve": "CVE-2016-8740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-8740"
}
],
"notes": [
{
"category": "general",
"text": "The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-8740",
"url": "https://www.suse.com/security/cve/CVE-2016-8740"
},
{
"category": "external",
"summary": "SUSE Bug 1013648 for CVE-2016-8740",
"url": "https://bugzilla.suse.com/1013648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-8740"
},
{
"cve": "CVE-2017-9798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9798"
}
],
"notes": [
{
"category": "general",
"text": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user\u0027s .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9798",
"url": "https://www.suse.com/security/cve/CVE-2017-9798"
},
{
"category": "external",
"summary": "SUSE Bug 1058058 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1058058"
},
{
"category": "external",
"summary": "SUSE Bug 1060757 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1060757"
},
{
"category": "external",
"summary": "SUSE Bug 1077582 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1077582"
},
{
"category": "external",
"summary": "SUSE Bug 1078450 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1078450"
},
{
"category": "external",
"summary": "SUSE Bug 1089997 for CVE-2017-9798",
"url": "https://bugzilla.suse.com/1089997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-9798"
},
{
"cve": "CVE-2019-10081",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10081"
}
],
"notes": [
{
"category": "general",
"text": "HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with \"H2PushResource\", could lead to an overwrite of memory in the pushing request\u0027s pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10081",
"url": "https://www.suse.com/security/cve/CVE-2019-10081"
},
{
"category": "external",
"summary": "SUSE Bug 1145742 for CVE-2019-10081",
"url": "https://bugzilla.suse.com/1145742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-10081"
},
{
"cve": "CVE-2019-10082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10082"
}
],
"notes": [
{
"category": "general",
"text": "In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10082",
"url": "https://www.suse.com/security/cve/CVE-2019-10082"
},
{
"category": "external",
"summary": "SUSE Bug 1145741 for CVE-2019-10082",
"url": "https://bugzilla.suse.com/1145741"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-10082"
},
{
"cve": "CVE-2019-10092",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10092"
}
],
"notes": [
{
"category": "general",
"text": "In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10092",
"url": "https://www.suse.com/security/cve/CVE-2019-10092"
},
{
"category": "external",
"summary": "SUSE Bug 1145740 for CVE-2019-10092",
"url": "https://bugzilla.suse.com/1145740"
},
{
"category": "external",
"summary": "SUSE Bug 1182703 for CVE-2019-10092",
"url": "https://bugzilla.suse.com/1182703"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-10092"
},
{
"cve": "CVE-2019-10097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10097"
}
],
"notes": [
{
"category": "general",
"text": "In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the \"PROXY\" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10097",
"url": "https://www.suse.com/security/cve/CVE-2019-10097"
},
{
"category": "external",
"summary": "SUSE Bug 1145739 for CVE-2019-10097",
"url": "https://bugzilla.suse.com/1145739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-10097"
},
{
"cve": "CVE-2019-10098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10098"
}
],
"notes": [
{
"category": "general",
"text": "In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10098",
"url": "https://www.suse.com/security/cve/CVE-2019-10098"
},
{
"category": "external",
"summary": "SUSE Bug 1145738 for CVE-2019-10098",
"url": "https://bugzilla.suse.com/1145738"
},
{
"category": "external",
"summary": "SUSE Bug 1168407 for CVE-2019-10098",
"url": "https://bugzilla.suse.com/1168407"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-10098"
},
{
"cve": "CVE-2019-9517",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9517"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9517",
"url": "https://www.suse.com/security/cve/CVE-2019-9517"
},
{
"category": "external",
"summary": "SUSE Bug 1145575 for CVE-2019-9517",
"url": "https://bugzilla.suse.com/1145575"
},
{
"category": "external",
"summary": "SUSE Bug 1146097 for CVE-2019-9517",
"url": "https://bugzilla.suse.com/1146097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:apache2-2.4.49-1.1.aarch64",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.ppc64le",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.s390x",
"openSUSE Tumbleweed:apache2-2.4.49-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-9517"
}
]
}
fkie_cve-2016-8740
Vulnerability from fkie_nvd
Published
2016-12-05 19:59
Modified
2025-04-12 10:46
Severity ?
Summary
The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://packetstormsecurity.com/files/140023/Apache-HTTPD-Web-Server-2.4.23-Memory-Exhaustion.html | Exploit, Third Party Advisory, VDB Entry | |
| security@apache.org | http://rhn.redhat.com/errata/RHSA-2017-1415.html | ||
| security@apache.org | http://www.securityfocus.com/bid/94650 | Third Party Advisory, VDB Entry | |
| security@apache.org | http://www.securitytracker.com/id/1037388 | Third Party Advisory, VDB Entry | |
| security@apache.org | https://access.redhat.com/errata/RHSA-2017:1161 | ||
| security@apache.org | https://access.redhat.com/errata/RHSA-2017:1413 | ||
| security@apache.org | https://access.redhat.com/errata/RHSA-2017:1414 | ||
| security@apache.org | https://github.com/apache/httpd/commit/29c63b786ae028d82405421585e91283c8fa0da3 | Issue Tracking, Patch, Third Party Advisory | |
| security@apache.org | https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us | ||
| security@apache.org | https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://security.gentoo.org/glsa/201701-36 | ||
| security@apache.org | https://security.netapp.com/advisory/ntap-20180423-0001/ | ||
| security@apache.org | https://support.apple.com/HT208221 | ||
| security@apache.org | https://www.exploit-db.com/exploits/40909/ | Exploit, Third Party Advisory, VDB Entry | |
| security@apache.org | https://www.tenable.com/security/tns-2017-04 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/140023/Apache-HTTPD-Web-Server-2.4.23-Memory-Exhaustion.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2017-1415.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94650 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037388 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:1161 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:1413 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:1414 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/httpd/commit/29c63b786ae028d82405421585e91283c8fa0da3 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201701-36 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20180423-0001/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT208221 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40909/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/tns-2017-04 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | http_server | 2.4.17 | |
| apache | http_server | 2.4.18 | |
| apache | http_server | 2.4.19 | |
| apache | http_server | 2.4.20 | |
| apache | http_server | 2.4.21 | |
| apache | http_server | 2.4.22 | |
| apache | http_server | 2.4.23 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E1F45B27-504B-4202-87B8-BD3B094003F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "F2FB2B98-DFD2-420A-8A7F-9B288651242F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE538EE-7152-4DB5-AE45-614494CB7B95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "B803D25B-0A19-4569-BA05-09D58F33917C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "BE253E49-9A56-49C8-B1D8-E23BB3D5D1D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "DE5A73E5-1A04-420B-92B2-B90FD970005C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "8510442C-212F-4013-85FA-E0AB59F6F2C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request."
},
{
"lang": "es",
"value": "El m\u00f3dulo mod_http2 en el Apache HTTP Server 2.4.17 hasta la versi\u00f3n 2.4.23, cuando la configuraci\u00f3n Protocols incluye h2 o h2c, no restringe la longitud de la cabecera de petici\u00f3n, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de marcos CONTINUATION manipulados en una petici\u00f3n HTTP/2."
}
],
"id": "CVE-2016-8740",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-05T19:59:00.250",
"references": [
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/140023/Apache-HTTPD-Web-Server-2.4.23-Memory-Exhaustion.html"
},
{
"source": "security@apache.org",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94650"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037388"
},
{
"source": "security@apache.org",
"url": "https://access.redhat.com/errata/RHSA-2017:1161"
},
{
"source": "security@apache.org",
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"source": "security@apache.org",
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"source": "security@apache.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/apache/httpd/commit/29c63b786ae028d82405421585e91283c8fa0da3"
},
{
"source": "security@apache.org",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://security.gentoo.org/glsa/201701-36"
},
{
"source": "security@apache.org",
"url": "https://security.netapp.com/advisory/ntap-20180423-0001/"
},
{
"source": "security@apache.org",
"url": "https://support.apple.com/HT208221"
},
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40909/"
},
{
"source": "security@apache.org",
"url": "https://www.tenable.com/security/tns-2017-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/140023/Apache-HTTPD-Web-Server-2.4.23-Memory-Exhaustion.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94650"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:1161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/apache/httpd/commit/29c63b786ae028d82405421585e91283c8fa0da3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201701-36"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20180423-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT208221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40909/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.tenable.com/security/tns-2017-04"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…